示例#1
0
文件: module.php 项目: 4uva4ek/svato
function getUsersArray($result, $cfg, $inDB)
{
    $users = array();
    while ($usr = $inDB->fetch_assoc($result)) {
        if ($cfg['admin_editor']) {
            if (cmsUser::userIsAdmin($usr['id'])) {
                $usr['genderlink'] = cmsUser::getGenderLink($usr['id'], $usr['nickname'], $usr['gender'], $usr['login'], "color:{$cfg['color_admin']}");
            } elseif (cmsUser::userIsEditor($usr['id'])) {
                $usr['genderlink'] = cmsUser::getGenderLink($usr['id'], $usr['nickname'], $usr['gender'], $usr['login'], "color:{$cfg['color_editor']}");
            } else {
                $usr['genderlink'] = cmsUser::getGenderLink($usr['id'], $usr['nickname'], $usr['gender'], $usr['login']);
            }
        } else {
            $usr['genderlink'] = cmsUser::getGenderLink($usr['id'], $usr['nickname'], $usr['gender'], $usr['login']);
        }
        $users[] = $usr['genderlink'];
    }
    return $users;
}
示例#2
0
function applet_userbanlist()
{
    $inCore = cmsCore::getInstance();
    $inDB = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();
    global $_LANG;
    global $adminAccess;
    if (!cmsUser::isAdminCan('admin/users', $adminAccess)) {
        cpAccessDenied();
    }
    $GLOBALS['cp_page_title'] = $_LANG['AD_BANLIST'];
    cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users');
    cpAddPathway($_LANG['AD_BANLIST'], 'index.php?view=userbanlist');
    $do = cmsCore::request('do', 'str', 'list');
    $id = cmsCore::request('id', 'int', -1);
    $to = cmsCore::request('to', 'int', 0);
    // для редиректа обратно в профиль на сайт
    if ($to) {
        cmsUser::sessionPut('back_url', cmsCore::getBackURL());
    }
    if ($do == 'list') {
        $toolmenu[] = array('icon' => 'useradd.gif', 'title' => $_LANG['AD_TO_BANLIST_ADD'], 'link' => '?view=userbanlist&do=add');
        $toolmenu[] = array('icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=userbanlist&do=edit&multiple=1');");
        $toolmenu[] = array('icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:checkSel('?view=userbanlist&do=delete&multiple=1');");
        cpToolMenu($toolmenu);
        $fields[] = array('title' => 'id', 'field' => 'id', 'width' => '30');
        $fields[] = array('title' => $_LANG['AD_IS_ACTIVE'], 'field' => 'status', 'width' => '55', 'prc' => 'cpYesNo');
        $fields[] = array('title' => $_LANG['AD_BANLIST_USER'], 'field' => 'user_id', 'width' => '120', 'filter' => '12', 'prc' => 'cpUserNick');
        $fields[] = array('title' => $_LANG['AD_BANLIST_IP'], 'field' => 'ip', 'width' => '100', 'link' => '?view=userbanlist&do=edit&id=%id%', 'filter' => '12');
        $fields[] = array('title' => $_LANG['DATE'], 'field' => 'bandate', 'width' => '', 'fdate' => '%d/%m/%Y %H:%i:%s', 'filter' => '12');
        $fields[] = array('title' => $_LANG['AD_BANLIST_TIME'], 'field' => 'int_num', 'width' => '55');
        $fields[] = array('title' => '', 'field' => 'int_period', 'width' => '70');
        $fields[] = array('title' => $_LANG['AD_AUTOREMOVE'], 'field' => 'autodelete', 'width' => '90', 'prc' => 'cpYesNo');
        $actions[] = array('title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=userbanlist&do=edit&id=%id%');
        $actions[] = array('title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_RULE'], 'link' => '?view=userbanlist&do=delete&id=%id%');
        cpListTable('cms_banlist', $fields, $actions, '1=1', 'ip DESC');
    }
    if ($do == 'delete') {
        if (!isset($_REQUEST['item'])) {
            if ($id >= 0) {
                dbDelete('cms_banlist', $id);
            }
        } else {
            dbDeleteList('cms_banlist', cmsCore::request('item', 'array_int', array()));
        }
        cmsCore::redirect('?view=userbanlist');
    }
    if ($do == 'submit' || $do == 'update') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        $types = array('user_id' => array('user_id', 'int', 0), 'ip' => array('ip', 'str', ''), 'cause' => array('cause', 'str', ''), 'autodelete' => array('autodelete', 'int', 0), 'int_num' => array('int_num', 'int', 0), 'int_period' => array('int_period', 'str', '', create_function('$p', 'if(!in_array($p, array("MONTH","DAY","HOUR","MINUTE"))){ $p = "MINUTE"; } return $p;')));
        $items = cmsCore::getArrayFromRequest($types);
        $error = false;
        if (!$items['ip']) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_NEED_IP'], 'error');
        }
        if ($items['ip'] == $_SERVER['REMOTE_ADDR'] || $items['user_id'] == $inUser->id) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_ITS_YOUR_IP'], 'error');
        }
        if (cmsUser::userIsAdmin($items['user_id'])) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_ITS_ADMIN'], 'error');
        }
        if ($error) {
            cmsCore::redirectBack();
        }
        if ($do == 'update') {
            $inDB->update('cms_banlist', $items, $id);
            if (empty($_SESSION['editlist'])) {
                cmsCore::redirect('?view=userbanlist');
            } else {
                cmsCore::redirect('?view=userbanlist&do=edit');
            }
        }
        $inDB->insert('cms_banlist', $items);
        $back_url = cmsUser::sessionGet('back_url');
        cmsUser::sessionDel('back_url');
        cmsCore::redirect($back_url ? $back_url : '?view=userbanlist');
    }
    if ($do == 'add' || $do == 'edit') {
        $GLOBALS['cp_page_head'][] = '<script language="JavaScript" type="text/javascript" src="/admin/js/banlist.js"></script>';
        $toolmenu[] = array('icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();');
        $toolmenu[] = array('icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);');
        cpToolMenu($toolmenu);
        if ($do == 'add') {
            echo '<h3>' . $_LANG['AD_TO_BANLIST_ADD'] . '</h3>';
            cpAddPathway($_LANG['AD_TO_BANLIST_ADD']);
        } else {
            if (isset($_REQUEST['multiple'])) {
                if (isset($_REQUEST['item'])) {
                    $_SESSION['editlist'] = cmsCore::request('item', 'array_int', array());
                } else {
                    cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error');
                    cmsCore::redirectBack();
                }
            }
            $ostatok = '';
            if (isset($_SESSION['editlist'])) {
                $item_id = array_shift($_SESSION['editlist']);
                if (sizeof($_SESSION['editlist']) == 0) {
                    unset($_SESSION['editlist']);
                } else {
                    $ostatok = '(' . $_LANG['AD_NEXT_IN'] . sizeof($_SESSION['editlist']) . ')';
                }
            } else {
                $item_id = cmsCore::request('id', 'int', 0);
            }
            $mod = $inDB->get_fields('cms_banlist', "id = '{$item_id}'", '*');
            if (!$mod) {
                cmsCore::error404();
            }
            echo '<h3>' . $_LANG['AD_EDIT_RULE'] . ' ' . $ostatok . '</h3>';
            cpAddPathway($_LANG['AD_EDIT_RULE']);
        }
        ?>
	  <div style="margin-top:2px;padding:10px;border:dotted 1px silver; width:508px;background:#FFFFCC">
	  	<div style="font-weight:bold"><?php 
        echo $_LANG['ATTENTION'];
        ?>
!</div>
		<div><?php 
        echo $_LANG['AD_CAUTION_INFO_0'];
        ?>
</div>
		<div><?php 
        echo $_LANG['AD_CAUTION_INFO_1'];
        ?>
</div>
	  </div>
      <form id="addform" name="addform" method="post" action="index.php?view=userbanlist">
        <input type="hidden" name="csrf_token" value="<?php 
        echo cmsUser::getCsrfToken();
        ?>
" />
        <table width="530" border="0" cellspacing="5" class="proptable">
          <tr>
            <td width="150" valign="top"><div><strong><?php 
        echo $_LANG['AD_BANLIST_USER'];
        ?>
: </strong></div></td>
			<?php 
        if ($do == 'add' && $to) {
            $mod['user_id'] = $to;
            $mod['ip'] = $inDB->get_field('cms_users', 'id=' . $to, 'last_ip');
        }
        ?>
            <td valign="top">
				<select name="user_id" id="user_id" onchange="loadUserIp()" style="width: 250px;">
                    <option value="0" <?php 
        if (@(!$mod['user_id'])) {
            echo 'selected="selected"';
        }
        ?>
><?php 
        echo $_LANG['AD_WHITHOUT_USER'];
        ?>
</option>
                    <?php 
        if (isset($mod['user_id'])) {
            echo $inCore->getListItems('cms_users', $mod['user_id'], 'nickname', 'ASC', 'is_deleted=0 AND is_locked=0', 'id', 'nickname');
        } else {
            echo $inCore->getListItems('cms_users', 0, 'nickname', 'ASC', 'is_deleted=0 AND is_locked=0', 'id', 'nickname');
        }
        ?>
				</select>
            </td>
          </tr>
          <tr>
            <td valign="top"><strong><?php 
        echo $_LANG['AD_BANLIST_IP'];
        ?>
:</strong></td>
            <td valign="top"><input name="ip" type="text" id="ip" style="width: 244px;" value="<?php 
        echo @$mod['ip'];
        ?>
"/></td>
          </tr>
          <tr>
            <td valign="top"><strong><?php 
        echo $_LANG['AD_BANLIST_CAUSE'];
        ?>
:</strong></td>
            <td valign="top">
                <textarea name="cause" style="width:240px" rows="5"><?php 
        echo @$mod['cause'];
        ?>
</textarea>
            </td>
          </tr>
		  <?php 
        $forever = false;
        if (!@$mod['int_num']) {
            $forever = true;
        }
        ?>
          <tr>
            <td valign="top"><strong><?php 
        echo $_LANG['AD_BAN_FOREVER'];
        ?>
</strong></td>
            <td valign="top"><input type="checkbox" name="forever" value="1" <?php 
        if ($forever) {
            echo 'checked="checked"';
        }
        ?>
 onclick="$('tr.bantime').toggle();"/></td>
          </tr>
          <tr class="bantime">
            <td valign="top"><strong><?php 
        echo $_LANG['AD_BAN_FOR_TIME'];
        ?>
</strong> </td>

            <td valign="top"><p>
            <input name="int_num" type="text" id="int_num" size="5" value="<?php 
        echo @(int) $mod['int_num'];
        ?>
"/>
              <select name="int_period" id="int_period">
                <option value="MINUTE"  <?php 
        if (@mb_strstr($mod['int_period'], 'MINUTE')) {
            echo 'selected="selected"';
        }
        ?>
><?php 
        echo $_LANG['MINUTE10'];
        ?>
</option>]
                <option value="HOUR"  <?php 
        if (@mb_strstr($mod['int_period'], 'HOUR')) {
            echo 'selected="selected"';
        }
        ?>
><?php 
        echo $_LANG['HOUR10'];
        ?>
</option>
                <option value="DAY" <?php 
        if (@mb_strstr($mod['int_period'], 'DAY')) {
            echo 'selected="selected"';
        }
        ?>
><?php 
        echo $_LANG['DAY10'];
        ?>
</option>
                <option value="MONTH" <?php 
        if (@mb_strstr($mod['int_period'], 'MONTH')) {
            echo 'selected="selected"';
        }
        ?>
><?php 
        echo $_LANG['MONTH10'];
        ?>
</option>
              </select>
            </p>
            <p><label><input name="autodelete" type="checkbox" id="autodelete" value="1" <?php 
        if ($mod['autodelete']) {
            echo 'checked="checked"';
        }
        ?>
 /> <?php 
        echo $_LANG['AD_REMOVE_BAN'];
        ?>
</label></p>
            </td>
          </tr>
		  <?php 
        if ($forever) {
            ?>
<script type="text/javascript">$('tr.bantime').hide();</script><?php 
        }
        ?>
        </table>
        <p>
          <label>
          <input name="add_mod" type="submit" id="add_mod" <?php 
        if ($do == 'add') {
            echo 'value="' . $_LANG['AD_TO_BANLIST_ADD'] . '"';
        } else {
            echo 'value="' . $_LANG['SAVE'] . '"';
        }
        ?>
 />
          </label>
          <label><span style="margin-top:15px">
          <input name="back" type="button" id="back" value="<?php 
        echo $_LANG['CANCEL'];
        ?>
" onclick="window.history.back();"/>
          </span></label>
          <input name="do" type="hidden" id="do" <?php 
        if ($do == 'add') {
            echo 'value="submit"';
        } else {
            echo 'value="update"';
        }
        ?>
 />
          <?php 
        if ($do == 'edit') {
            echo '<input name="id" type="hidden" value="' . $mod['id'] . '" />';
        }
        ?>
        </p>
      </form>
	<?php 
    }
}
示例#3
0
function registration()
{
    header('X-Frame-Options: DENY');
    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();
    $inConf = cmsConfig::getInstance();
    $model = new cms_model_registration();
    cmsCore::loadModel('users');
    $users_model = new cms_model_users();
    global $_LANG;
    $do = $inCore->do;
    //============================================================================//
    if ($do == 'sendremind') {
        if ($inUser->id) {
            cmsCore::error404();
        }
        $inPage->setTitle($_LANG['REMINDER_PASS']);
        $inPage->addPathway($_LANG['REMINDER_PASS']);
        if (!cmsCore::inRequest('goremind')) {
            cmsPage::initTemplate('components', 'com_registration_sendremind')->display('com_registration_sendremind.tpl');
        } else {
            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }
            $email = cmsCore::request('email', 'email', '');
            if (!$email) {
                cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error');
                cmsCore::redirectBack();
            }
            $usr = cmsUser::getShortUserData($email);
            if (!$usr || $usr['is_locked'] || $usr['is_deleted']) {
                cmsCore::addSessionMessage($_LANG['ADRESS'] . ' "' . $email . '" ' . $_LANG['NOT_IN_OUR_BASE'], 'error');
                cmsCore::redirectBack();
            }
            if (cmsUser::userIsAdmin($usr['id'])) {
                cmsCore::addSessionMessage($_LANG['NOT_ADMIN_SENDREMIND'], 'error');
                cmsCore::redirectBack();
            }
            $usercode = md5($usr['id'] . '-' . uniqid() . '-' . microtime() . '-' . PATH);
            $sql = "INSERT cms_users_activate (pubdate, user_id, code)\n                VALUES (NOW(), '{$usr['id']}', '{$usercode}')";
            $inDB->query($sql);
            $newpass_link = HOST . '/registration/remind/' . $usercode;
            $mail_message = $_LANG['HELLO'] . ', ' . $usr['nickname'] . '!' . "\n\n";
            $mail_message .= $_LANG['REMINDER_TEXT'] . ' "' . $inConf->sitename . '".' . "\n\n";
            $mail_message .= $_LANG['YOUR_LOGIN'] . ': ' . $usr['login'] . "\n\n";
            $mail_message .= $_LANG['NEW_PASS_LINK'] . ":\n" . $newpass_link . "\n\n";
            $mail_message .= $_LANG['LINK_EXPIRES'] . "\n\n";
            $mail_message .= $_LANG['SIGNATURE'] . ', ' . $inConf->sitename . ' (' . HOST . ').' . "\n";
            $mail_message .= date('d-m-Y (H:i)');
            $inCore->mailText($email, $inConf->sitename . ' - ' . $_LANG['REMINDER_PASS'], $mail_message);
            cmsCore::addSessionMessage($_LANG['NEW_PAS_SENDED'], 'info');
            cmsCore::redirect('/login');
        }
    }
    //============================================================================//
    if ($do == 'remind') {
        if ($inUser->id) {
            cmsCore::error404();
        }
        $usercode = cmsCore::request('code', 'str', '');
        //проверяем формат кода
        if (!preg_match('/^[0-9a-f]{32}$/i', $usercode)) {
            cmsCore::error404();
        }
        // проверяем код
        $user_id = $inDB->get_field('cms_users_activate', "code = '{$usercode}'", 'user_id');
        if (!$user_id) {
            cmsCore::error404();
        }
        //получаем пользователя
        $user = $inDB->get_fields('cms_users', "id = '{$user_id}'", '*');
        if (!$user) {
            cmsCore::error404();
        }
        if (cmsUser::userIsAdmin($user['id'])) {
            cmsCore::error404();
        }
        if (cmsCore::inRequest('submit')) {
            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }
            $errors = false;
            $pass = cmsCore::request('pass', 'str', '');
            $pass2 = cmsCore::request('pass2', 'str', '');
            if (!$pass) {
                cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error');
                $errors = true;
            }
            if ($pass && !$pass2) {
                cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error');
                $errors = true;
            }
            if ($pass && $pass2 && mb_strlen($pass) < 6) {
                cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error');
                $errors = true;
            }
            if ($pass && $pass2 && $pass != $pass2) {
                cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error');
                $errors = true;
            }
            if ($errors) {
                cmsCore::redirectBack();
            }
            $md5_pass = md5($pass);
            $inDB->query("UPDATE cms_users SET password = '******', logdate = NOW() WHERE id = '{$user['id']}'");
            $inDB->query("DELETE FROM cms_users_activate WHERE code = '{$usercode}'");
            cmsCore::addSessionMessage($_LANG['CHANGE_PASS_COMPLETED'], 'info');
            $inUser->signInUser($user['login'], $pass, true);
            cmsCore::redirect(cmsUser::getProfileURL($user['login']));
        }
        $inPage->setTitle($_LANG['RECOVER_PASS']);
        $inPage->addPathway($_LANG['RECOVER_PASS']);
        cmsPage::initTemplate('components', 'com_registration_remind')->assign('cfg', $model->config)->assign('user', $user)->display('com_registration_remind.tpl');
    }
    //============================================================================//
    if ($do == 'register') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        if ($inUser->id && !$inUser->is_admin) {
            if ($inCore->menuId() == 1) {
                return;
            } else {
                cmsCore::error404();
            }
        }
        // регистрация закрыта
        if (!$model->config['is_on']) {
            cmsCore::error404();
        }
        // регистрация по инвайтам
        if ($model->config['reg_type'] == 'invite') {
            if (!$users_model->checkInvite(cmsUser::sessionGet('invite_code'))) {
                cmsCore::error404();
            }
        }
        $errors = false;
        // получаем данные
        $item['login'] = cmsCore::request('login', 'str', '');
        $item['email'] = cmsCore::request('email', 'email');
        $item['icq'] = cmsCore::request('icq', 'str', '');
        $item['city'] = cmsCore::request('city', 'str', '');
        $item['nickname'] = cmsCore::request('nickname', 'str', '');
        $item['realname1'] = cmsCore::request('realname1', 'str', '');
        $item['realname2'] = cmsCore::request('realname2', 'str', '');
        $pass = cmsCore::request('pass', 'str', '');
        $pass2 = cmsCore::request('pass2', 'str', '');
        // проверяем логин
        if (mb_strlen($item['login']) < 2 || mb_strlen($item['login']) > 15 || is_numeric($item['login']) || !preg_match("/^([a-z0-9])+\$/ui", $item['login'])) {
            cmsCore::addSessionMessage($_LANG['ERR_LOGIN'], 'error');
            $errors = true;
        }
        // проверяем пароль
        if (!$pass) {
            cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error');
            $errors = true;
        }
        if ($pass && !$pass2) {
            cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error');
            $errors = true;
        }
        if ($pass && $pass2 && mb_strlen($pass) < 6) {
            cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error');
            $errors = true;
        }
        if ($pass && $pass2 && $pass != $pass2) {
            cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error');
            $errors = true;
        }
        // Проверяем nickname или имя и фамилию
        if ($model->config['name_mode'] == 'nickname') {
            if (!$item['nickname']) {
                cmsCore::addSessionMessage($_LANG['TYPE_NICKNAME'], 'error');
                $errors = true;
            }
        } else {
            if (!$item['realname1']) {
                cmsCore::addSessionMessage($_LANG['TYPE_NAME'], 'error');
                $errors = true;
            }
            if (!$item['realname2']) {
                cmsCore::addSessionMessage($_LANG['TYPE_SONAME'], 'error');
                $errors = true;
            }
            $item['nickname'] = trim($item['realname1']) . ' ' . trim($item['realname2']);
        }
        if (mb_strlen($item['nickname']) < 2) {
            cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error');
            $errors = true;
        }
        if ($model->getBadNickname($item['nickname'])) {
            cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error');
            $errors = true;
        }
        // Проверяем email
        if (!$item['email']) {
            cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error');
            $errors = true;
        }
        // День рождения
        list($item['bday'], $item['bmonth'], $item['byear']) = array_values(cmsCore::request('birthdate', 'array_int', array()));
        $item['birthdate'] = sprintf('%04d-%02d-%02d', $item['byear'], $item['bmonth'], $item['bday']);
        // получаем данные конструктора форм
        $item['formsdata'] = '';
        if (isset($users_model->config['privforms'])) {
            if (is_array($users_model->config['privforms'])) {
                foreach ($users_model->config['privforms'] as $form_id) {
                    $form_input = cmsForm::getFieldsInputValues($form_id);
                    $item['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values']));
                    // Проверяем значения формы
                    foreach ($form_input['errors'] as $field_error) {
                        if ($field_error) {
                            cmsCore::addSessionMessage($field_error, 'error');
                            $errors = true;
                        }
                    }
                }
            }
        }
        // Проверяем каптчу
        if (!cmsPage::checkCaptchaCode()) {
            cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error');
            $errors = true;
        }
        // проверяем есть ли такой пользователь
        $user_exist = $inDB->get_fields('cms_users', "(login LIKE '{$item['login']}' OR email LIKE '{$item['email']}') AND is_deleted = 0", 'id, login, email');
        if ($user_exist) {
            if ($user_exist['login'] == $item['login']) {
                cmsCore::addSessionMessage($_LANG['LOGIN'] . ' "' . $item['login'] . '" ' . $_LANG['IS_BUSY'], 'error');
                $errors = true;
            } else {
                cmsCore::addSessionMessage($_LANG['EMAIL_IS_BUSY'], 'error');
                $errors = true;
            }
        }
        // В случае ошибок, возвращаемся в форму
        if ($errors) {
            cmsUser::sessionPut('item', $item);
            cmsCore::redirect('/registration');
        }
        //////////////////////////////////////////////
        //////////// РЕГИСТРАЦИЯ /////////////////////
        //////////////////////////////////////////////
        $item['is_locked'] = $model->config['act'];
        $item['password'] = md5($pass);
        $item['orig_password'] = $pass;
        $item['group_id'] = $model->config['default_gid'];
        $item['regdate'] = date('Y-m-d H:i:s');
        $item['logdate'] = date('Y-m-d H:i:s');
        if (cmsUser::sessionGet('invite_code')) {
            $invite_code = cmsUser::sessionGet('invite_code');
            $item['invited_by'] = (int) $users_model->getInviteOwner($invite_code);
            if ($item['invited_by']) {
                $users_model->closeInvite($invite_code);
            }
            cmsUser::sessionDel('invite_code');
        } else {
            $item['invited_by'] = 0;
        }
        $item = cmsCore::callEvent('USER_BEFORE_REGISTER', $item);
        $item['id'] = $item['user_id'] = $inDB->insert('cms_users', $item);
        if (!$item['id']) {
            cmsCore::error404();
        }
        $inDB->insert('cms_user_profiles', $item);
        cmsCore::callEvent('USER_REGISTER', $item);
        if ($item['is_locked']) {
            $model->sendActivationNotice($pass, $item['id']);
            cmsPage::includeTemplateFile('special/regactivate.php');
            cmsCore::halt();
        } else {
            cmsActions::log('add_user', array('object' => '', 'user_id' => $item['id'], 'object_url' => '', 'object_id' => $item['id'], 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => ''));
            if ($model->config['send_greetmsg']) {
                $model->sendGreetsMessage($item['id']);
            }
            $model->sendRegistrationNotice($pass, $item['id']);
            $back_url = $inUser->signInUser($item['login'], $pass, true);
            cmsCore::redirect($back_url);
        }
    }
    //============================================================================//
    if ($do == 'view') {
        $pagetitle = $inCore->getComponentTitle();
        $inPage->setTitle($pagetitle);
        $inPage->addPathway($pagetitle);
        $inPage->addHeadJsLang(array('WRONG_PASS'));
        // Если пользователь авторизован, то не показываем форму регистрации, редирект в профиль.
        if ($inUser->id && !$inUser->is_admin) {
            if ($inCore->menuId() == 1) {
                return;
            } else {
                cmsCore::redirect(cmsUser::getProfileURL($inUser->login));
            }
        }
        $correct_invite = cmsUser::sessionGet('invite_code') ? true : false;
        if ($model->config['reg_type'] == 'invite' && cmsCore::inRequest('invite_code')) {
            $invite_code = cmsCore::request('invite_code', 'str', '');
            $correct_invite = $users_model->checkInvite($invite_code);
            if ($correct_invite) {
                cmsUser::sessionPut('invite_code', $invite_code);
            } else {
                cmsCore::addSessionMessage($_LANG['INCORRECT_INVITE'], 'error');
            }
        }
        $item = cmsUser::sessionGet('item');
        if ($item) {
            cmsUser::sessionDel('item');
        }
        if (empty($item['birthdate'])) {
            $item['birthdate'] = date('Y-m-d');
        }
        $private_forms = array();
        if (isset($users_model->config['privforms'])) {
            if (is_array($users_model->config['privforms'])) {
                foreach ($users_model->config['privforms'] as $form_id) {
                    $private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, array(), true));
                }
            }
        }
        cmsPage::initTemplate('components', 'com_registration')->assign('cfg', $model->config)->assign('item', $item)->assign('pagetitle', $pagetitle)->assign('correct_invite', $correct_invite)->assign('private_forms', $private_forms)->display('com_registration.tpl');
    }
    //============================================================================//
    if ($do == 'activate') {
        $code = cmsCore::request('code', 'str', '');
        if (!$code) {
            cmsCore::error404();
        }
        $user_id = $inDB->get_field('cms_users_activate', "code = '{$code}'", 'user_id');
        if (!$user_id) {
            cmsCore::error404();
        }
        $inDB->query("UPDATE cms_users SET is_locked = 0 WHERE id = '{$user_id}'");
        $inDB->query("DELETE FROM cms_users_activate WHERE code = '{$code}'");
        cmsCore::callEvent('USER_ACTIVATED', $user_id);
        if ($model->config['send_greetmsg']) {
            $model->sendGreetsMessage($user_id);
        }
        // Регистрируем событие
        cmsActions::log('add_user', array('object' => '', 'user_id' => $user_id, 'object_url' => '', 'object_id' => $user_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => ''));
        cmsCore::addSessionMessage($_LANG['ACTIVATION_COMPLETE'], 'info');
        cmsUser::goToLogin();
    }
    //============================================================================//
    if ($do == 'auth') {
        //====================//
        //==  разлогивание  ==//
        if (cmsCore::inRequest('logout')) {
            $inUser->logout();
            cmsCore::redirect('/');
        }
        //====================//
        //==  авторизация  ==//
        if (!cmsCore::inRequest('logout')) {
            // флаг неуспешных авторизаций
            $anti_brute_force = cmsUser::sessionGet('anti_brute_force');
            $login = cmsCore::request('login', 'str', '');
            $passw = cmsCore::request('pass', 'str', '');
            $remember_pass = cmsCore::inRequest('remember');
            // если нет логина или пароля, показываем форму входа
            if (!$login || !$passw) {
                if ($inUser->id && !$inUser->is_admin) {
                    cmsCore::redirect('/');
                }
                $inPage->setTitle($_LANG['SITE_LOGIN']);
                $inPage->addPathway($_LANG['SITE_LOGIN']);
                cmsPage::initTemplate('components', 'com_registration_login')->assign('cfg', $model->config)->assign('anti_brute_force', $anti_brute_force)->assign('is_sess_back', cmsUser::sessionGet('auth_back_url'))->display('com_registration_login.tpl');
                if (!mb_strstr(cmsCore::getBackURL(), 'login')) {
                    cmsUser::sessionPut('auth_back_url', cmsCore::getBackURL());
                }
                return;
            }
            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }
            // Проверяем каптчу
            if ($anti_brute_force && !cmsPage::checkCaptchaCode()) {
                cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error');
                cmsCore::redirect('/login');
            }
            cmsUser::sessionDel('anti_brute_force');
            $back_url = $inUser->signInUser($login, $passw, $remember_pass);
            cmsCore::redirect($back_url);
        }
    }
    //============================================================================//
    if ($do == 'autherror') {
        cmsUser::sessionPut('anti_brute_force', 1);
        cmsPage::includeTemplateFile('special/autherror.php');
        cmsCore::halt();
    }
    //============================================================================//
}
示例#4
0
    $inPage->addPathway($_LANG['PHOTOALBUMS'], '/users/' . $usr['id'] . '/photoalbum.html');
    $inPage->addPathway($photo['album'], '/users/' . $usr['login'] . '/photos/private' . $photo['album_id'] . '.html');
    $inPage->addPathway($photo['title']);
    $photo['pubdate'] = cmsCore::dateFormat($photo['pubdate'], true, false, false);
    $photo['genderlink'] = cmsUser::getGenderLink($usr['id'], $usr['nickname'], $photo['gender'], $usr['login']);
    $photo['filesize'] = round(filesize(PATH . '/images/users/photos/medium/' . $photo['imageurl']) / 1024, 2);
    //ссылки на предыдущую и следующую фотографии
    $previd = $inDB->get_fields('cms_user_photos', "id>'{$photo['id']}' AND user_id = '{$usr['id']}' AND album_id='{$photo['album_id']}'", 'id, title, pubdate', 'id ASC');
    $nextid = $inDB->get_fields('cms_user_photos', "id<'{$photo['id']}' AND user_id = '{$usr['id']}' AND album_id='{$photo['album_id']}'", 'id, title, pubdate', 'id DESC');
    // Проверяем права доступа
    $is_allow = cmsUser::checkUserContentAccess($photo['allow_who'], $id);
    // Если видим фото, обновляем просмотры
    if ($is_allow) {
        $inDB->query("UPDATE cms_user_photos SET hits = hits + 1 WHERE id = " . $photo['id']);
    }
    cmsPage::initTemplate('components', 'com_users_photos_view')->assign('photo', $photo)->assign('bbcode', '[IMG]' . HOST . '/images/users/photos/medium/' . $photo['imageurl'] . '[/IMG]')->assign('previd', $previd)->assign('nextid', $nextid)->assign('usr', $usr)->assign('myprofile', $myprofile)->assign('is_admin', cmsUser::userIsAdmin($inUser->id))->assign('is_allow', $is_allow)->assign('tagbar', $is_allow ? cmsTagBar('userphoto', $photo['id']) : '')->display('com_users_photos_view.tpl');
    if ($inCore->isComponentInstalled('comments') && $is_allow) {
        cmsCore::includeComments();
        comments('userphoto', $photo['id']);
    }
}
//============================================================================//
//============================ Один фотоальбом ===============================//
//============================================================================//
if ($pdo == 'viewalbum') {
    if (!$inUser->id && !$model->config['sw_guest']) {
        cmsUser::goToLogin();
    }
    $usr = cmsUser::getShortUserData($login);
    if (!$usr) {
        cmsCore::error404();
示例#5
0
function applet_userbanlist()
{
    $inCore = cmsCore::getInstance();
    global $_LANG;
    global $adminAccess;
    if (!cmsUser::isAdminCan('admin/users', $adminAccess)) {
        cpAccessDenied();
    }
    cmsCore::c('page')->setTitle($_LANG['AD_BANLIST']);
    cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users');
    cpAddPathway($_LANG['AD_BANLIST'], 'index.php?view=userbanlist');
    $do = cmsCore::request('do', 'str', 'list');
    $id = cmsCore::request('id', 'int', -1);
    $to = cmsCore::request('to', 'int', 0);
    // для редиректа обратно в профиль на сайт
    if ($to) {
        cmsUser::sessionPut('back_url', cmsCore::getBackURL());
    }
    if ($do == 'list') {
        $toolmenu = array(array('icon' => 'useradd.gif', 'title' => $_LANG['AD_TO_BANLIST_ADD'], 'link' => '?view=userbanlist&do=add'), array('icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=userbanlist&do=edit&multiple=1');"), array('icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:checkSel('?view=userbanlist&do=delete&multiple=1');"));
        cpToolMenu($toolmenu);
        $fields = array(array('title' => 'id', 'field' => 'id', 'width' => '40'), array('title' => $_LANG['AD_IS_ACTIVE'], 'field' => 'status', 'width' => '65', 'prc' => 'cpYesNo'), array('title' => $_LANG['AD_BANLIST_USER'], 'field' => 'user_id', 'width' => '120', 'filter' => '12', 'prc' => 'cpUserNick'), array('title' => $_LANG['AD_BANLIST_IP'], 'field' => 'ip', 'width' => '100', 'link' => '?view=userbanlist&do=edit&id=%id%', 'filter' => '12'), array('title' => $_LANG['DATE'], 'field' => 'bandate', 'width' => '', 'fdate' => '%d/%m/%Y %H:%i:%s', 'filter' => '12'), array('title' => $_LANG['AD_BANLIST_TIME'], 'field' => 'int_num', 'width' => '55'), array('title' => '', 'field' => 'int_period', 'width' => '70'), array('title' => $_LANG['AD_AUTOREMOVE'], 'field' => 'autodelete', 'width' => '100', 'prc' => 'cpYesNo'));
        $actions = array(array('title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=userbanlist&do=edit&id=%id%'), array('title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_RULE'], 'link' => '?view=userbanlist&do=delete&id=%id%'));
        cpListTable('cms_banlist', $fields, $actions, '1=1', 'ip DESC');
    }
    if ($do == 'delete') {
        if (!cmsCore::inRequest('item')) {
            if ($id >= 0) {
                dbDelete('cms_banlist', $id);
            }
        } else {
            dbDeleteList('cms_banlist', cmsCore::request('item', 'array_int', array()));
        }
        cmsCore::redirect('?view=userbanlist');
    }
    if ($do == 'submit' || $do == 'update') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        $types = array('user_id' => array('user_id', 'int', 0), 'ip' => array('ip', 'str', ''), 'cause' => array('cause', 'str', ''), 'autodelete' => array('autodelete', 'int', 0), 'int_num' => array('int_num', 'int', 0), 'int_period' => array('int_period', 'str', '', create_function('$p', 'if(!in_array($p, array("MONTH","DAY","HOUR","MINUTE"))){ $p = "MINUTE"; } return $p;')));
        $items = cmsCore::getArrayFromRequest($types);
        $error = false;
        if (!$items['ip']) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_NEED_IP'], 'error');
        }
        if ($items['ip'] == $_SERVER['REMOTE_ADDR'] || $items['user_id'] == cmsCore::c('user')->id) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_ITS_YOUR_IP'], 'error');
        }
        if (cmsUser::userIsAdmin($items['user_id'])) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_ITS_ADMIN'], 'error');
        }
        if ($error) {
            cmsCore::redirectBack();
        }
        if ($do == 'update') {
            cmsCore::c('db')->update('cms_banlist', $items, $id);
            if (empty($_SESSION['editlist'])) {
                cmsCore::redirect('?view=userbanlist');
            } else {
                cmsCore::redirect('?view=userbanlist&do=edit');
            }
        }
        cmsCore::c('db')->insert('cms_banlist', $items);
        $back_url = cmsUser::sessionGet('back_url');
        cmsUser::sessionDel('back_url');
        cmsCore::redirect($back_url ? $back_url : '?view=userbanlist');
    }
    if ($do == 'add' || $do == 'edit') {
        cmsCore::c('page')->addHeadJS('admin/js/banlist.js');
        $toolmenu = array(array('icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();'), array('icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);'));
        cpToolMenu($toolmenu);
        if ($do == 'add') {
            echo '<h3>' . $_LANG['AD_TO_BANLIST_ADD'] . '</h3>';
            cpAddPathway($_LANG['AD_TO_BANLIST_ADD']);
        } else {
            if (cmsCore::inRequest('multiple')) {
                if (cmsCore::inRequest('item')) {
                    $_SESSION['editlist'] = cmsCore::request('item', 'array_int', array());
                } else {
                    cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error');
                    cmsCore::redirectBack();
                }
            }
            $ostatok = '';
            if (isset($_SESSION['editlist'])) {
                $item_id = array_shift($_SESSION['editlist']);
                if (count($_SESSION['editlist']) == 0) {
                    unset($_SESSION['editlist']);
                } else {
                    $ostatok = '(' . $_LANG['AD_NEXT_IN'] . count($_SESSION['editlist']) . ')';
                }
            } else {
                $item_id = cmsCore::request('id', 'int', 0);
            }
            $mod = cmsCore::c('db')->get_fields('cms_banlist', "id = '" . $item_id . "'", '*');
            if (!$mod) {
                cmsCore::error404();
            }
            echo '<h3>' . $_LANG['AD_EDIT_RULE'] . ' ' . $ostatok . '</h3>';
            cpAddPathway($_LANG['AD_EDIT_RULE']);
        }
        if ($do == 'add' && $to) {
            $mod['user_id'] = $to;
            $mod['ip'] = cmsCore::c('db')->get_field('cms_users', 'id=' . $to, 'last_ip');
        }
        cmsCore::c('page')->initTemplate('applets', 'userbanlist_add')->assign('do', $do)->assign('mod', $mod)->assign('users_opt', $inCore->getListItems('cms_users', cmsCore::getArrVal($mod, 'user_id', 0), 'nickname', 'ASC', 'is_deleted=0 AND is_locked=0', 'id', 'nickname'))->display();
    }
}
示例#6
0
function faq(){

    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB   = cmsDatabase::getInstance();
	$inUser = cmsUser::getInstance();

    $model = new cms_model_faq();

    define('IS_BILLING', $inCore->isComponentInstalled('billing'));
    if (IS_BILLING) { $inCore->loadClass('billing'); }

	global $_LANG;

    $pagetitle = $inCore->getComponentTitle();

	$inPage->addPathway($pagetitle, '/faq');
	$inPage->setTitle($pagetitle);
	$inPage->setDescription($pagetitle);
    $inPage->addHeadJsLang(array('ERR_QUESTION'));

	$cfg = $inCore->loadComponentConfig('faq');

    if(!isset($cfg['guest_enabled'])) { $cfg['guest_enabled'] = 1; }
    if(!isset($cfg['user_link'])) { $cfg['user_link'] = 1; }
    if(!isset($cfg['publish'])) { $cfg['publish'] = 0; }
	if(!isset($cfg['is_comment'])) { $cfg['is_comment'] = 1; }

	$id = $inCore->request('id', 'int', 0);
	$do = $inCore->do;

///////////////////////////////////// VIEW CATEGORY ////////////////////////////////////////////////////////////////////////////////
if ($do=='view'){

	if($id>0){
		//CURRENT CATEGORY
		$sql = "SELECT *
				FROM cms_faq_cats
				WHERE id = '$id'
				ORDER BY title ASC LIMIT 1
				";

		$result = $inDB->query($sql) ;

		if (!$inDB->num_rows($result)) { cmsCore::error404(); }

		$cat = $inDB->fetch_assoc($result);

		//PAGE HEADING
		$pagetitle = $cat['title'];
		$inPage->setTitle($cat['title']);
		$inPage->addPathway($cat['title']);
		$inPage->setDescription($cat['title']);
	}

	//LIST OF SUBCATEGORIES
	$sql = "SELECT *
			FROM cms_faq_cats
			WHERE parent_id = $id AND id > 0 AND published = 1
			ORDER BY title ASC
			";

	$result = $inDB->query($sql) ;

	if ($inDB->num_rows($result)){
		$subcats = array();
		while($subcat = $inDB->fetch_assoc($result)){
			$subcats[] = $subcat;
		}
		$is_subcats = true;
	} else {
		$is_subcats = false;
	}

	//CURRENT CATEGORY CONTENT
	$perpage = 15;
	$page = $inCore->request('page', 'int', 1);
    $records = 0;

	if ($id > 0){
		$sql = "SELECT q.*, u.login, u.nickname
				FROM cms_faq_quests q
				LEFT JOIN cms_users u ON u.id = q.user_id
				WHERE q.category_id = $id AND q.published = 1
				ORDER BY q.pubdate DESC
				LIMIT ".(($page-1)*$perpage).", $perpage";
		$result_total = $inDB->query("SELECT id FROM cms_faq_quests WHERE category_id = $id AND published = 1") ;
		$records = $inDB->num_rows($result_total);
	} else {
		$sql = "SELECT q.*, c.title cat_title, c.id cid, u.login, u.nickname
				FROM cms_faq_quests q
				LEFT JOIN cms_faq_cats c ON c.id = q.category_id
				LEFT JOIN cms_users u ON u.id = q.user_id
				WHERE q.published = 1
				ORDER BY q.pubdate DESC
				LIMIT 15";
	}
	$result = $inDB->query($sql) ;

	if ($inDB->num_rows($result)){
		$quests = array();
		while($con = $inDB->fetch_assoc($result)){
			$con['pubdate'] = $inCore->dateFormat($con['pubdate'], true, false, false);
			$con['quest']	= nl2br($con['quest']);
			$quests[] = $con;
		}
		$is_quests = true;
	} else {
		$is_quests = false;
	}

	cmsPage::initTemplate('components', 'com_faq_view')->
            assign('pagetitle', $pagetitle)->
            assign('id', $id)->
            assign('subcats', $subcats)->
            assign('is_subcats', $is_subcats)->
            assign('quests', $quests)->
            assign('cfg', $cfg)->
            assign('is_quests', $is_quests)->
            assign('is_user', $inUser->id)->
            assign('pagebar', cmsPage::getPagebar($records, $page, $perpage, '/faq/%id%-%page%', array('id'=>$id)))->
            display();

}

///////////////////////////////////// READ QUESTION ////////////////////////////////////////////////////////////////////////////////
if ($do=='read'){
		$sql = "SELECT con.*,
				cat.title cat_title, cat.id cat_id, u.login, u.nickname
				FROM cms_faq_quests con
				LEFT JOIN cms_faq_cats cat ON cat.id = con.category_id
				LEFT JOIN cms_users u ON u.id = con.user_id
				WHERE con.id = $id LIMIT 1";

		$result = $inDB->query($sql);

		if ($inDB->num_rows($result)){

			$inDB->query("UPDATE cms_faq_quests SET hits = hits + 1 WHERE id = $id") ;

			$quest = $inDB->fetch_assoc($result);

			$quest['pubdate']    = $inCore->dateFormat($quest['pubdate'], true, false, false);
			$quest['answerdate'] = $inCore->dateFormat($quest['answerdate'], true, false, false);
			if (mb_strlen($quest['quest'])>40) { $shortquest = mb_substr($quest['quest'], 0, 40).'...'; }
			else { $shortquest = $quest['quest']; }
			$quest['quest']		 = nl2br($quest['quest']);

			$inPage->setTitle($shortquest);
			$inPage->setDescription($shortquest);

			$inPage->addPathway($quest['cat_title'], '/faq/'.$quest['cat_id']);
			$inPage->addPathway($shortquest);

			cmsPage::initTemplate('components', 'com_faq_read')->
                    assign('quest', $quest)->
                    assign('cfg', $cfg)->
                    assign('labels', array('comments' => $_LANG['ANSWERS'], 'add' => $_LANG['REPLY'], 'rss' => $_LANG['RSS_FEED'], 'not_comments' => $_LANG['NOT_ANSWERS']))->
                    assign('is_admin', $inUser->is_admin)->
                    display();

		} else { cmsCore::error404(); }
}
///////////////////////////////////// SEND QUEST ////////////////////////////////////////////////////////////////////////////////
if ($do=='sendquest'){

    if (!$inUser->id && !$cfg['guest_enabled']){ cmsCore::error404(); }

	$inPage->setTitle($_LANG['SET_QUESTION']);
	$inPage->addPathway($_LANG['SET_QUESTION']);

	$inPage->addHeadJS('components/faq/js/common.js');

    $error          = '';
    $captha_code    = $inCore->request('code', 'str', '');
    $message        = $inCore->request('message', 'str', '');
    $category_id    = $inCore->request('category_id', 'int', '');
    $published      = ($inUser->is_admin || $cfg['publish']) ? 1 : 0;
    $is_submit      = $inCore->inRequest('message');

    if ($is_submit && !$inUser->id && !cmsCore::checkCaptchaCode()) { $error = $_LANG['ERR_CAPTCHA']; }

	if (!$is_submit || $error){

        if (IS_BILLING && $inUser->id){ cmsBilling::checkBalance('faq', 'add_quest'); }

		cmsPage::initTemplate('components', 'com_faq_add')->
                assign('catslist', $inCore->getListItems('cms_faq_cats', $category_id))->
                assign('user_id', $inUser->id)->
                assign('message', htmlspecialchars($inCore->request('message', 'html', '')))->
                assign('error', $error)->
                display();

	} else {

        //SAVE QUESTION
		$sql = "INSERT INTO cms_faq_quests (category_id, pubdate, published, quest, answer, user_id, answeruser_id, answerdate, hits)
				VALUES ('$category_id', NOW(), '$published', '$message', '', '{$inUser->id}', 0, NOW(), 0)";
		$inDB->query($sql);

		$quest_id = $inDB->get_last_id('cms_faq_quests');

        if (IS_BILLING && $inUser->id){ cmsBilling::process('faq', 'add_quest'); }

		$inPage->setTitle($_LANG['QUESTION_SEND']);
		$inPage->addPathway($_LANG['QUESTION_SEND']);

        if (!$published){
			echo '<div class="con_heading">'.$_LANG['QUESTION_SEND'].'</div>';
            echo '<div style="margin-top:10px">'.$_LANG['QUESTION_PREMODER'].'</div>';
			echo '<div style="margin-top:10px"><a href="/faq">'.$_LANG['CONTINUE'].'</a></div>';
        } elseif ($published) {
			$category = $inDB->get_field('cms_faq_cats', "id={$category_id}", 'title');
            //регистрируем событие
            cmsActions::log('add_quest', array(
                'object' => $_LANG['QUESTION'],
                'object_url' => '/faq/quest'.$quest_id.'.html',
                'object_id' => $quest_id,
                'target' => $category,
                'target_url' => '/faq/'.$category_id,
                'target_id' => $category_id,
                'description' => strip_tags( mb_strlen(strip_tags($message))>100 ? mb_substr($message, 0, 100) : $message )
            ));
            $inCore->redirect('/faq/quest'.$quest_id.'.html');
		} else { $inCore->redirect('/faq/quest'.$quest_id.'.html'); }

	}
}

///////////////////////////////////// DELETE QUEST ////////////////////////////////////////////////////////////////////////////////

if ($do=='delquest'){

    $quest_id 	= $inCore->request('quest_id', 'int', 0);
    $user_id    = $inUser->id;

	$sql    = "SELECT con.id, con.quest, con.category_id
				FROM cms_faq_quests con
				WHERE con.id = '$quest_id' LIMIT 1";

	$result = $inDB->query($sql);
	$quest  = $inDB->fetch_assoc($result);

    if (!$user_id || !$quest_id || !$quest) { $inCore->redirectBack(); }

    if ( !$inCore->inRequest('confirm') ) {

        if (cmsUser::userIsAdmin($user_id)){
			$inPage->setTitle($_LANG['DEL_QUES']);
			$inPage->addPathway($_LANG['DEL_QUES']);
            $confirm['title'] = $_LANG['DELETE_QUES'];
            $confirm['text']  = $_LANG['YOU_REALY_DELETE_QUES'].':<br> "<a href="/faq/quest'.$quest['id'].'.html">'.$quest['quest'].'</a>"<br><br>';
			$confirm['action']                  = $_SERVER['REQUEST_URI'];
			$confirm['yes_button']              = array();
			$confirm['yes_button']['type']      = 'submit';
			$confirm['yes_button']['name']  	= 'confirm';
            cmsPage::initTemplate('components', 'action_confirm')->
                    assign('confirm', $confirm)->
                    display();
        } else {
            $inCore->redirectBack();
        }
	}

    if ( $inCore->inRequest('confirm') ){

        if (cmsUser::userIsAdmin($user_id)){

            $model->deleteQuest($quest_id);

        }
        $inCore->redirect('/faq/'.$quest['category_id']);
    }

}

} //function
示例#7
0
文件: photos.php 项目: Acsac/CMS-RuDi
    //ссылки на предыдущую и следующую фотографии
    $previd = $inDB->get_fields('cms_user_photos', "id>'{$photo['id']}' AND user_id = '{$usr['id']}' AND album_id='{$photo['album_id']}'", 'id, title, pubdate', 'id ASC');
    $nextid = $inDB->get_fields('cms_user_photos', "id<'{$photo['id']}' AND user_id = '{$usr['id']}' AND album_id='{$photo['album_id']}'", 'id, title, pubdate', 'id DESC');
	// Проверяем права доступа
	$is_allow = cmsUser::checkUserContentAccess($photo['allow_who'], $id);
	// Если видим фото, обновляем просмотры
	if ($is_allow) { $inDB->query("UPDATE cms_user_photos SET hits = hits + 1 WHERE id = ".$photo['id']) ; }

    cmsPage::initTemplate('components', 'com_users_photos_view')->
            assign('photo', $photo)->
            assign('bbcode', '[IMG]'.HOST.'/images/users/photos/medium/'.$photo['imageurl'].'[/IMG]')->
            assign('previd', $previd)->
            assign('nextid', $nextid)->
            assign('usr', $usr)->
            assign('myprofile', $myprofile)->
            assign('is_admin', cmsUser::userIsAdmin($inUser->id))->
            assign('is_allow', $is_allow)->
            assign('tagbar', ($is_allow ? cmsTagBar('userphoto', $photo['id']) : ''))->
            display();

	if ($inCore->isComponentEnable('comments') && $is_allow){
            cmsCore::includeComments();
            comments('userphoto', $photo['id'], array(), $myprofile);
        }

}
//============================================================================//
//============================ Один фотоальбом ===============================//
//============================================================================//

if ($pdo=='viewalbum'){
示例#8
0
function forum()
{
    $inCore = cmsCore::getInstance();
    $inPage = cmsPage::getInstance();
    $inDB = cmsDatabase::getInstance();
    $inUser = cmsUser::getInstance();
    $model = new cms_model_forum();
    define('IS_BILLING', $inCore->isComponentInstalled('billing'));
    if (IS_BILLING) {
        cmsCore::loadClass('billing');
    }
    global $_LANG;
    $pagetitle = $inCore->getComponentTitle();
    $inPage->addPathway($pagetitle, '/forum');
    $inPage->setTitle($pagetitle);
    $inPage->setDescription($model->config['meta_desc'] ? $model->config['meta_desc'] : $pagetitle);
    $inPage->setKeywords($model->config['meta_keys'] ? $model->config['meta_keys'] : $pagetitle);
    $id = cmsCore::request('id', 'int', 0);
    $do = $inCore->do;
    $page = cmsCore::request('page', 'int', 1);
    $inPage->addHeadJS('components/forum/js/common.js');
    $inPage->addHeadJsLang(array('CONFIRM_DELETE_POLL', 'CONFIRM_DEL_POST', 'CONFIRM_DEL_THREAD', 'MOVE_THREAD', 'MOVE_POST', 'RENAME_THREAD', 'CONFIRM_DELETE_FILE', 'SELECT_NEW_FILE_UPLOAD', 'SELECT_TEXT_QUOTE', 'CONFIRM_DELETE_ALL_USER_POSTS'));
    //============================================================================//
    //=============================== Список Форумов  ============================//
    //============================================================================//
    if ($do == 'view') {
        $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="' . $_LANG['FORUMS'] . '" href="' . HOST . '/rss/forum/all/feed.rss">');
        $forums = $model->getForums();
        cmsPage::initTemplate('components', 'com_forum_list')->assign('pagetitle', $pagetitle)->assign('forums', $forums)->assign('forum', array())->assign('user_id', $inUser->id)->assign('cfg', $model->config)->display('com_forum_list.tpl');
    }
    //============================================================================//
    //================ Список тем форума + список подфорумов  ====================//
    //============================================================================//
    if ($do == 'forum') {
        $forum = $model->getForum($id);
        if (!$forum) {
            cmsCore::error404();
        }
        $forum = translations::process(cmsConfig::getConfig('lang'), 'forum_forums', $forum);
        $moderators = $model->getForumModerators($forum['moder_list']);
        // опции просмотра
        $order_by = cmsCore::getSearchVar('order_by', 'pubdate');
        $order_to = cmsCore::getSearchVar('order_to', 'desc');
        if (!in_array($order_by, array('pubdate', 'title', 'post_count', 'hits'))) {
            $order_by = 'pubdate';
        }
        if (!in_array($order_to, array('asc', 'desc'))) {
            $order_to = 'desc';
        }
        $daysprune = (int) cmsCore::getSearchVar('daysprune');
        if (!cmsCore::checkContentAccess($forum['access_list'])) {
            cmsPage::includeTemplateFile('special/accessdenied.php');
            return;
        }
        $inPage->addHead('<link rel="alternate" type="application/rss+xml" title="' . htmlspecialchars($forum['title']) . '" href="' . HOST . '/rss/forum/' . $forum['id'] . '/feed.rss">');
        $inPage->setTitle($forum['pagetitle'] ? $forum['pagetitle'] : $forum['title']);
        $inPage->setDescription($forum['meta_desc'] ? $forum['meta_desc'] : crop($forum['description'] ? $forum['description'] : $forum['title']));
        $inPage->setKeywords($forum['meta_keys'] ? $forum['meta_keys'] : $forum['title']);
        // Получаем дерево форумов
        $path_list = $inDB->getNsCategoryPath('cms_forums', $forum['NSLeft'], $forum['NSRight'], 'id, title, access_list, moder_list');
        // Строим глубиномер
        if ($path_list) {
            $path_list = translations::process(cmsConfig::getConfig('lang'), 'forum_forums', $path_list);
            foreach ($path_list as $pcat) {
                if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                    cmsPage::includeTemplateFile('special/accessdenied.php');
                    return;
                }
                $inPage->addPathway($pcat['title'], '/forum/' . $pcat['id']);
            }
        }
        // Получим подфорумы
        $model->whereNestedForum($forum['NSLeft'], $forum['NSRight']);
        $sub_forums = $model->getForums();
        cmsPage::initTemplate('components', 'com_forum_list')->assign('pagetitle', $forum['title'])->assign('forums', $sub_forums)->assign('forum', $forum)->assign('cfg', $model->config)->assign('user_id', $inUser->id)->display('com_forum_list.tpl');
        // Получим темы
        if ($daysprune) {
            $model->whereDayIntervalIs($daysprune);
        }
        $model->whereForumIs($forum['id']);
        $inDB->orderBy('t.pinned', 'DESC, t.' . $order_by . ' ' . $order_to);
        $inDB->limitPage($page, $model->config['pp_forum']);
        $threads = $model->getThreads();
        if (!$threads && $page > 1) {
            cmsCore::error404();
        }
        cmsPage::initTemplate('components', 'com_forum_view')->assign('threads', $threads)->assign('show_panel', true)->assign('order_by', $order_by)->assign('order_to', $order_to)->assign('daysprune', $daysprune)->assign('moderators', $moderators)->assign('pagination', cmsPage::getPagebar($forum['thread_count'], $page, $model->config['pp_forum'], '/forum/' . $forum['id'] . '-%page%'))->display('com_forum_view.tpl');
    }
    //============================================================================//
    //======================== Просмотр темы форума  =============================//
    //============================================================================//
    if ($do == 'thread') {
        $thread = $model->getThread($id);
        if (!$thread) {
            cmsCore::error404();
        }
        // Строим глубиномер
        $path_list = $inDB->getNsCategoryPath('cms_forums', $thread['NSLeft'], $thread['NSRight'], 'id, title, access_list, moder_list');
        if ($path_list) {
            $path_list = translations::process(cmsConfig::getConfig('lang'), 'forum_forums', $path_list);
            foreach ($path_list as $pcat) {
                if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                    cmsPage::includeTemplateFile('special/accessdenied.php');
                    return;
                }
                $inPage->addPathway($pcat['title'], '/forum/' . $pcat['id']);
            }
            // Для последнего форума проверяем
            // не модератор ли текущий пользователь
            $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
        }
        $inPage->addPathway($thread['title'], '/forum/thread' . $thread['id'] . '.html');
        if (!$thread['is_mythread']) {
            $inDB->setFlag('cms_forum_threads', $thread['id'], 'hits', $thread['hits'] + 1);
        }
        // получаем посты
        $model->whereThreadIs($thread['id']);
        $inDB->orderBy('p.pinned', 'DESC, p.pubdate ASC');
        $inDB->limitPage($page, $model->config['pp_thread']);
        $posts = $model->getPosts();
        if (!$posts) {
            cmsCore::error404();
        }
        // SEO
        $inPage->setTitle($thread['title']);
        // meta description
        if (!$thread['description']) {
            $first_post = current($posts);
            $first_post_content = strip_tags($first_post['content_html']);
            if (mb_strlen($first_post_content) >= 100) {
                $inPage->setDescription(crop($first_post_content));
            } else {
                $inPage->setDescription($thread['title']);
            }
        } else {
            $inPage->setDescription(crop($thread['description']));
        }
        // meta keywords
        $all_post_content = '';
        foreach ($posts as $p) {
            $all_post_content .= ' ' . strip_tags($p['content_html']);
        }
        $meta_keys = cmsCore::getKeywords($all_post_content);
        $inPage->setKeywords($meta_keys ? $meta_keys : $thread['title']);
        cmsCore::initAutoGrowText('#message');
        cmsPage::initTemplate('components', 'com_forum_view_thread')->assign('forum', $pcat)->assign('forums', $model->getForums())->assign('is_subscribed', cmsUser::isSubscribed($inUser->id, 'forum', $thread['id']))->assign('thread', $thread)->assign('prev_thread', $inDB->get_fields('cms_forum_threads', "id < '{$thread['id']}' AND forum_id = '{$thread['forum_id']}'", 'id, title', 'id DESC'))->assign('next_thread', $inDB->get_fields('cms_forum_threads', "id > '{$thread['id']}' AND forum_id = '{$thread['forum_id']}'", 'id, title', 'id ASC'))->assign('posts', $posts)->assign('thread_poll', $model->getThreadPoll($thread['id']))->assign('page', $page)->assign('num', ($page - 1) * $model->config['pp_thread'] + 1)->assign('lastpage', ceil($thread['post_count'] / $model->config['pp_thread']))->assign('pagebar', cmsPage::getPagebar($thread['post_count'], $page, $model->config['pp_thread'], '/forum/thread' . $thread['id'] . '-%page%.html'))->assign('user_id', $inUser->id)->assign('do', $do)->assign('is_moder', $is_forum_moder)->assign('is_admin', $inUser->is_admin)->assign('is_can_add_post', cmsUser::isUserCan('forum/add_post'))->assign('cfg', $model->config)->assign('bb_toolbar', $inUser->id && $model->config['fast_on'] && $model->config['fast_bb'] ? cmsPage::getBBCodeToolbar('message', $model->config['img_on']) : '')->assign('smilies', $inUser->id && $model->config['fast_on'] && $model->config['fast_bb'] ? cmsPage::getSmilesPanel('message') : '')->display('com_forum_view_thread.tpl');
    }
    //============================================================================//
    //================ Новая тема, написать/редактировать пост ===================//
    //============================================================================//
    if (in_array($do, array('newthread', 'newpost', 'editpost'))) {
        if (!$inUser->id) {
            cmsUser::goToLogin();
        }
        // id первого поста в теме
        $first_post_id = false;
        // опросов по умолчанию нет
        $thread_poll = array();
        // применяется при редактировании поста
        $is_allow_attach = true;
        // ограничение по карме
        if (in_array($do, array('newthread', 'newpost'))) {
            if ($inUser->karma < $model->config['min_karma_add'] && !$inUser->is_admin) {
                cmsCore::addSessionMessage(sprintf($_LANG['ADD_KARMA_LIMIT'], cmsCore::spellCount($model->config['min_karma_add'], $_LANG['KPOINT1'], $_LANG['KPOINT2'], $_LANG['KPOINT10']), $inUser->karma), 'error');
                cmsCore::redirectBack();
            }
        }
        // новая тема
        if ($do == 'newthread') {
            // права доступа
            if (!cmsUser::isUserCan('forum/add_thread') && !$inUser->is_admin) {
                cmsPage::includeTemplateFile('special/accessdenied.php');
                return;
            }
            $forum = $model->getForum($id);
            if (!$forum) {
                cmsCore::error404();
            }
            if (!cmsCore::checkContentAccess($forum['access_list'])) {
                cmsPage::includeTemplateFile('special/accessdenied.php');
                return;
            }
            $path_list = $inDB->getNsCategoryPath('cms_forums', $forum['NSLeft'], $forum['NSRight'], 'id, title, access_list, moder_list');
            if ($path_list) {
                foreach ($path_list as $pcat) {
                    if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                        cmsPage::includeTemplateFile('special/accessdenied.php');
                        return;
                    }
                    $inPage->addPathway($pcat['title'], '/forum/' . $pcat['id']);
                }
                $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
            }
            if (IS_BILLING && $forum['topic_cost']) {
                cmsBilling::checkBalance('forum', 'add_thread', false, $forum['topic_cost']);
            }
            $pagetitle = $_LANG['NEW_THREAD'];
            $thread = cmsUser::sessionGet('thread');
            if ($thread) {
                cmsUser::sessionDel('thread');
            }
            $last_post['content'] = cmsUser::sessionGet('post_content');
            if ($last_post['content']) {
                cmsUser::sessionDel('post_content');
            }
        }
        // новый пост
        if ($do == 'newpost') {
            // права доступа
            if (!cmsUser::isUserCan('forum/add_post') && !$inUser->is_admin) {
                cmsPage::includeTemplateFile('special/accessdenied.php');
                return;
            }
            $thread = $model->getThread($id);
            if (!$thread || $thread['closed']) {
                cmsCore::error404();
            }
            $path_list = $inDB->getNsCategoryPath('cms_forums', $thread['NSLeft'], $thread['NSRight'], 'id, title, access_list, moder_list');
            if ($path_list) {
                foreach ($path_list as $pcat) {
                    if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                        cmsPage::includeTemplateFile('special/accessdenied.php');
                        return;
                    }
                    $inPage->addPathway($pcat['title'], '/forum/' . $pcat['id']);
                }
                $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
            }
            $inPage->addPathway($thread['title'], '/forum/thread' . $thread['id'] . '.html');
            $pagetitle = $_LANG['NEW_POST'];
            $last_post = $model->getPost(cmsCore::request('replyid', 'int', 0));
            if ($last_post) {
                $last_post['content'] = preg_replace('/\\[hide(.*?)\\](.*?)\\[\\/hide\\]/sui', '', $last_post['content']);
                $last_post['content'] = preg_replace('/\\[hide(.*?)\\](.*?)$/sui', '', $last_post['content']);
                $quote_nickname = $inDB->get_field('cms_users', "id = '{$last_post['user_id']}'", 'nickname');
                $last_post['content'] = '[quote=' . $quote_nickname . ']' . "\r\n" . $last_post['content'] . "\r\n" . '[/quote]' . "\r\n\r\n";
                $pagetitle = $_LANG['REPLY_FULL_QUOTE'];
            }
        }
        // редактирование поста
        if ($do == 'editpost') {
            $last_post = $model->getPost($id);
            if (!$last_post) {
                cmsCore::error404();
            }
            $is_allow_attach = $last_post['attach_count'] < $model->config['fa_max'];
            // уменьшаем значение настроек согласно загруженных файлов
            $model->config['fa_max'] = $model->config['fa_max'] - $last_post['attach_count'];
            $thread = $model->getThread($last_post['thread_id']);
            if (!$thread || $thread['closed']) {
                cmsCore::error404();
            }
            $path_list = $inDB->getNsCategoryPath('cms_forums', $thread['NSLeft'], $thread['NSRight'], 'id, title, access_list, moder_list');
            if ($path_list) {
                foreach ($path_list as $pcat) {
                    if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                        cmsPage::includeTemplateFile('special/accessdenied.php');
                        return;
                    }
                    $inPage->addPathway($pcat['title'], '/forum/' . $pcat['id']);
                }
                $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
            }
            $inPage->addPathway($thread['title'], '/forum/thread' . $thread['id'] . '.html');
            $end_min = $model->checkEditTime($last_post['pubdate']);
            $is_author_can_edit = (is_bool($end_min) ? $end_min : $end_min > 0) && $last_post['user_id'] == $inUser->id;
            // редактировать могут только администраторы, модераторы или авторы,  если время есть
            if (!$inUser->is_admin && !$is_forum_moder && !$is_author_can_edit) {
                cmsCore::error404();
            }
            if (!$inUser->is_admin && !$is_forum_moder && $model->config['edit_minutes']) {
                $msg_minute = str_replace('{min}', cmsCore::spellCount($end_min, $_LANG['MINUTE1'], $_LANG['MINUTE2'], $_LANG['MINUTE10']), $_LANG['EDIT_INFO']);
                cmsCore::addSessionMessage($msg_minute, 'info');
            }
            $first_post_id = $inDB->get_field('cms_forum_posts', "thread_id = '{$thread['id']}' ORDER BY pubdate ASC", 'id');
            $thread_poll = $model->getThreadPoll($thread['id']);
            $pagetitle = $_LANG['EDIT_POST'];
        }
        /////////////////////////
        ///  Показываем форму ///
        /////////////////////////
        if (!cmsCore::inRequest('gosend')) {
            $inPage->setTitle($pagetitle);
            $inPage->addPathway($pagetitle);
            $inPage->addHeadJsLang(array('FILE_SELECTED', 'FILE_DENIED', 'FILE_DUPLICATE'));
            cmsCore::initAutoGrowText('#message');
            cmsPage::initTemplate('components', 'com_forum_add')->assign('pagetitle', $pagetitle)->assign('is_first_post', isset($last_post['id']) ? $first_post_id == $last_post['id'] : true)->assign('thread_poll', $thread_poll)->assign('cfg', $model->config)->assign('do', $do)->assign('forum', isset($forum) ? $forum : $pcat)->assign('is_subscribed', cmsUser::isSubscribed($inUser->id, 'forum', @$thread['id']))->assign('thread', $thread)->assign('post_content', htmlspecialchars($last_post['content']))->assign('is_moder', $is_forum_moder)->assign('is_admin', $inUser->is_admin)->assign('is_allow_attach', cmsCore::checkContentAccess($model->config['group_access']) && $is_allow_attach)->assign('bb_toolbar', cmsPage::getBBCodeToolbar('message', $model->config['img_on'], 'forum', 'post', @$last_post['id']))->assign('smilies', cmsPage::getSmilesPanel('message'))->display('com_forum_add.tpl');
        } else {
            /////////////////////////
            // Выполняем действия ///
            /////////////////////////
            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }
            $message_bb = $inDB->escape_string(cmsCore::request('message', 'html', ''));
            $message_html = $inDB->escape_string(cmsCore::parseSmiles(cmsCore::request('message', 'html', ''), true));
            if (!$message_html) {
                cmsCore::addSessionMessage($_LANG['NEED_TEXT_POST'], 'error');
                cmsCore::redirectBack();
            }
            $message_post = strip_tags($message_html);
            $message_post = mb_strlen($message_post) > 200 ? mb_substr($message_post, 0, 200) : $message_post;
            $post_pinned = 0;
            if (in_array($do, array('newthread', 'newpost'))) {
                if ($do == 'newthread') {
                    $thread['title'] = cmsCore::request('title', 'str', '');
                    $thread['description'] = cmsCore::request('description', 'str', '');
                    $post_pinned = 1;
                    if (!$thread['title']) {
                        cmsCore::addSessionMessage($_LANG['NEED_TITLE_THREAD_YOUR_POST'], 'error');
                        cmsUser::sessionPut('thread', $thread);
                        cmsUser::sessionPut('post_content', stripcslashes($message_bb));
                        cmsCore::redirectBack();
                    }
                    $thread['is_hidden'] = cmsCore::yamlToArray($forum['access_list']) ? 1 : 0;
                    $thread['forum_id'] = $forum['id'];
                    $thread['user_id'] = $inUser->id;
                    $thread['pubdate'] = date("Y-m-d H:i:s");
                    $thread['hits'] = 0;
                    $thread['id'] = $model->addThread($thread);
                    $thread['NSLeft'] = $forum['NSLeft'];
                    $thread['NSRight'] = $forum['NSRight'];
                    $thread['post_count'] = 0;
                    if (IS_BILLING && $forum['topic_cost']) {
                        cmsBilling::process('forum', 'add_thread', $forum['topic_cost']);
                    }
                }
                $post_id = $model->addPost(array('thread_id' => $thread['id'], 'user_id' => $inUser->id, 'pinned' => $post_pinned, 'content' => $message_bb, 'content_html' => $message_html, 'pubdate' => date("Y-m-d H:i:s"), 'editdate' => date("Y-m-d H:i:s")));
                // Обновляем количество постов в теме
                $thread_post_count = $model->updateThreadPostCount($thread['id']);
                // Закрываем тему если нужно
                $is_fixed = cmsCore::request('fixed', 'int', 0);
                if ($is_fixed && ($is_forum_moder || $inUser->is_admin || $thread['is_mythread'])) {
                    $model->closeThread($thread['id']);
                }
                // Загружаем аттачи
                if ($model->config['fa_on'] && cmsCore::checkContentAccess($model->config['group_access'])) {
                    $file_error = $model->addUpdatePostAttachments($post_id);
                    if ($file_error === false) {
                        cmsCore::addSessionMessage($_LANG['CHECK_SIZE_TYPE_FILE'] . $model->config['fa_max'], 'error');
                    }
                }
                // Обновляем кеши
                $model->updateForumCache($thread['NSLeft'], $thread['NSRight'], true);
                $total_pages = ceil($thread_post_count / $model->config['pp_thread']);
                // Проверяем награды
                cmsUser::checkAwards($inUser->id);
                // Рассылаем уведомления тем, кто подписан
                if ($do == 'newpost') {
                    cmsUser::sendUpdateNotify('forum', $thread['id'], array('link' => '/forum/thread' . $thread['id'] . '-' . $total_pages . '.html#' . $post_id, 'title' => stripslashes($thread['title']), 'letter_file' => 'newforumpost', 'author' => $inUser->nickname));
                }
                // Подписываемся сами если нужно
                if (cmsCore::inRequest('subscribe')) {
                    cmsUser::subscribe($inUser->id, 'forum', $thread['id']);
                }
                // Если пост не в скрытый форум и не в объедненный с предыдущим, добавляем в ленту
                if (!$thread['is_hidden'] && $thread_post_count > $thread['post_count']) {
                    if ($do == 'newthread') {
                        cmsActions::log('add_thread', array('object' => $thread['title'], 'object_url' => '/forum/thread' . $thread['id'] . '-1.html', 'object_id' => $thread['id'], 'target' => $forum['title'], 'target_url' => '/forum/' . $forum['id'], 'target_id' => $forum['id'], 'description' => $message_post));
                    } else {
                        cmsActions::log('add_fpost', array('object' => $_LANG['MESSAGE'], 'object_url' => '/forum/thread' . $thread['id'] . '-' . $total_pages . '.html#' . $post_id, 'object_id' => $post_id, 'target' => $thread['title'], 'target_url' => '/forum/thread' . $thread['id'] . '.html', 'target_id' => $thread['id'], 'description' => $message_post));
                    }
                }
                // Для новой темы прикрепляем опрос если нужно
                if ($do == 'newthread') {
                    $model->addPoll(cmsCore::request('poll', 'array', array()), $thread['id']);
                    $last_poll_error = $model->getLastAddPollError();
                    if ($last_poll_error) {
                        cmsCore::addSessionMessage($last_poll_error, 'error');
                        cmsCore::redirect('/forum/editpost' . $post_id . '-1.html');
                    }
                }
                cmsCore::redirect('/forum/thread' . $thread['id'] . '-' . $total_pages . '.html#' . $post_id);
            } elseif ($do == 'editpost') {
                $model->updatePost(array('content' => $message_bb, 'content_html' => $message_html, 'edittimes' => $last_post['edittimes'] + 1, 'editdate' => date("Y-m-d H:i:s")), $last_post['id']);
                if ($model->config['fa_on'] && cmsCore::checkContentAccess($model->config['group_access'])) {
                    $file_error = $model->addUpdatePostAttachments($last_post['id']);
                    if ($file_error === false) {
                        cmsCore::addSessionMessage($_LANG['CHECK_SIZE_TYPE_FILE'] . $model->config['fa_max'], 'error');
                    }
                }
                if ($first_post_id == $last_post['id']) {
                    cmsActions::updateLog('add_thread', array('description' => $message_post), $thread['id']);
                    if ($thread_poll) {
                        $model->updatePoll(cmsCore::request('poll', 'array', array()), $thread_poll);
                    } else {
                        $model->addPoll(cmsCore::request('poll', 'array', array()), $thread['id']);
                    }
                    $last_poll_error = $model->getLastAddPollError();
                    if ($last_poll_error) {
                        cmsUser::sessionPut('thread', $thread);
                        cmsUser::sessionPut('post_content', stripcslashes($message_bb));
                        cmsCore::addSessionMessage($last_poll_error, 'error');
                        cmsCore::redirectBack();
                    }
                } else {
                    cmsActions::updateLog('add_fpost', array('description' => $message_post), $last_post['id']);
                }
                $model->updateForumCache($thread['NSLeft'], $thread['NSRight'], true);
                cmsCore::redirect('/forum/thread' . $thread['id'] . '-' . $page . '.html#' . $last_post['id']);
            }
        }
    }
    ///////////////////////////// DELETE POST /////////////////////////////////////////////////////////////////////////////////////////////////
    if ($do == 'deletepost') {
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::error404();
        }
        if (!$inUser->id) {
            cmsCore::error404();
        }
        $post = $model->getPost($id);
        if (!$post) {
            cmsCore::error404();
        }
        $thread = $model->getThread($post['thread_id']);
        if (!$thread) {
            cmsCore::error404();
        }
        $path_list = $inDB->getNsCategoryPath('cms_forums', $thread['NSLeft'], $thread['NSRight'], 'id, title, access_list, moder_list, NSLeft, NSRight');
        if ($path_list) {
            foreach ($path_list as $pcat) {
                if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                    cmsCore::error404();
                }
            }
            $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
        }
        $end_min = $model->checkEditTime($post['pubdate']);
        $is_author_can_edit = (is_bool($end_min) ? $end_min : $end_min > 0) && $post['user_id'] == $inUser->id;
        if (!$inUser->is_admin && !($is_forum_moder && !cmsUser::userIsAdmin($post['user_id'])) && !$is_author_can_edit) {
            cmsCore::error404();
        }
        $model->deletePost($post['id']);
        $model->updateThreadPostCount($post['thread_id']);
        $model->cacheThreadLastPost($post['thread_id']);
        if ($path_list) {
            $path_list = array_reverse($path_list);
            foreach ($path_list as $pcat) {
                $model->updateForumCache($pcat['NSLeft'], $pcat['NSRight']);
            }
        }
        cmsCore::addSessionMessage($_LANG['MSG_IS_DELETED'], 'info');
        $total_pages = ceil(($thread['post_count'] - 1) / $model->config['pp_thread']);
        if ($page > $total_pages) {
            $page = $total_pages;
        }
        cmsCore::jsonOutput(array('error' => false, 'redirect' => '/forum/thread' . $thread['id'] . '-' . $page . '.html'));
    }
    //============================================================================//
    //========================== Операции с темами ===============================//
    //============================================================================//
    if (in_array($do, array('movethread', 'renamethread', 'deletethread', 'close', 'pin', 'pin_post', 'move_post'))) {
        if (!$inUser->id) {
            cmsCore::error404();
        }
        $thread = $model->getThread($id);
        if (!$thread) {
            cmsCore::halt();
        }
        $path_list = $inDB->getNsCategoryPath('cms_forums', $thread['NSLeft'], $thread['NSRight'], 'id, title, access_list, moder_list, NSLeft, NSRight');
        if ($path_list) {
            foreach ($path_list as $pcat) {
                if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                    cmsCore::halt();
                }
            }
            $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
        }
        //======================= Перемещение темы ===============================//
        if ($do == 'movethread') {
            if (!$inUser->is_admin && !$is_forum_moder) {
                cmsCore::halt();
            }
            if (!cmsCore::inRequest('gomove')) {
                cmsPage::initTemplate('components', 'com_forum_move_thread')->assign('thread', $thread)->assign('forums', $model->getForums())->display('com_forum_move_thread.tpl');
                cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean()));
            } else {
                $new_forum = $model->getForum(cmsCore::request('forum_id', 'int', 0));
                if (!$new_forum) {
                    cmsCore::error404();
                }
                $is_hidden = 0;
                $path_list = $inDB->getNsCategoryPath('cms_forums', $new_forum['NSLeft'], $new_forum['NSRight'], 'id, title, access_list, moder_list');
                if ($path_list) {
                    foreach ($path_list as $pcat) {
                        if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                            cmsCore::halt();
                        }
                        if (cmsCore::yamlToArray($pcat['access_list'])) {
                            $is_hidden = 1;
                        }
                    }
                    $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
                }
                if (!$is_forum_moder && !$inUser->is_admin) {
                    cmsCore::addSessionMessage($_LANG['YOU_NO_THIS_FORUM_MODER'], 'error');
                    cmsCore::redirect('/forum/thread' . $thread['id'] . '.html');
                }
                $inDB->query("UPDATE cms_forum_threads SET forum_id = '{$new_forum['id']}', is_hidden = '{$is_hidden}' WHERE id = '{$thread['id']}'");
                cmsActions::updateLog('add_thread', array('target' => $new_forum['title'], 'target_url' => '/forum/' . $new_forum['id'], 'target_id' => $new_forum['id']), $thread['id']);
                // Обновляем кешированные значения
                // для старого форума
                $model->updateForumCache($thread['NSLeft'], $thread['NSRight'], true);
                // для нового форума
                $model->updateForumCache($new_forum['NSLeft'], $new_forum['NSRight'], true);
                cmsCore::addSessionMessage($_LANG['THREAD_IS_MOVE'] . '"' . $new_forum['title'] . '"', 'success');
                cmsCore::redirect('/forum/thread' . $thread['id'] . '.html');
            }
        }
        //===================== Переименование темы ==============================//
        if ($do == 'renamethread') {
            if (!$inUser->is_admin && !$is_forum_moder && !$thread['is_mythread']) {
                cmsCore::halt();
            }
            if (!cmsCore::inRequest('gorename')) {
                cmsPage::initTemplate('components', 'com_forum_rename_thread')->assign('thread', $thread)->display('com_forum_rename_thread.tpl');
                cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean()));
            } else {
                $new_thread['title'] = cmsCore::request('title', 'str', $thread['title']);
                $new_thread['description'] = cmsCore::request('description', 'str', '');
                $model->updateThread($new_thread, $thread['id']);
                cmsActions::updateLog('add_fpost', array('target' => $new_thread['title']), 0, $thread['id']);
                cmsActions::updateLog('add_thread', array('object' => $new_thread['title']), $thread['id']);
                $model->updateForumCache($thread['NSLeft'], $thread['NSRight'], true);
                cmsCore::jsonOutput(array('error' => false, 'title' => stripslashes($new_thread['title']), 'description' => stripslashes($new_thread['description'])));
            }
        }
        //======================= Удаление темы ==================================//
        if ($do == 'deletethread') {
            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }
            if (!$inUser->is_admin && !($is_forum_moder && !cmsUser::userIsAdmin($thread['user_id'])) && !$thread['is_mythread']) {
                cmsCore::halt();
            }
            $model->deleteThread($thread['id']);
            // Обновляем кешированные значения
            $model->updateForumCache($thread['NSLeft'], $thread['NSRight'], true);
            cmsCore::jsonOutput(array('error' => false, 'redirect' => '/forum/' . $thread['forum_id']));
        }
        //=============== Прикрепление/открепление темы ==========================//
        if ($do == 'pin') {
            if (!$inUser->is_admin && !$is_forum_moder) {
                cmsCore::halt();
            }
            $pinned = cmsCore::request('pinned', 'int', 0);
            $inDB->query("UPDATE cms_forum_threads SET pinned = '{$pinned}' WHERE id = '{$thread['id']}'");
            cmsCore::halt($pinned);
        }
        //========== Прикрепление/открепление сообщения темы =====================//
        if ($do == 'pin_post') {
            if (!$inUser->is_admin && !$is_forum_moder) {
                cmsCore::halt();
            }
            $pinned = cmsCore::request('pinned', 'int', 0);
            $post_id = cmsCore::request('post_id', 'int', 0);
            // Проверяем, принадлежит ли сообщение теме
            if (!$model->isBelongsToPostTopic($post_id, $thread['id'])) {
                cmsCore::halt();
            }
            $inDB->query("UPDATE cms_forum_posts SET pinned = '{$pinned}' WHERE id = '{$post_id}' AND thread_id = '{$thread['id']}'");
            // Ниже строки для тех, кто обновлялся с 1.9, если чистая установка, их можно удалить
            // Ставим принудительно для первого поста темы флаг pinned
            if ($pinned) {
                $first_post_id = $inDB->get_field('cms_forum_posts', "thread_id = '{$thread['id']}' ORDER BY pubdate ASC", 'id');
                $inDB->query("UPDATE cms_forum_posts SET pinned = 1 WHERE id = '{$first_post_id}' AND thread_id = '{$thread['id']}'");
            }
            cmsCore::redirect('/forum/thread' . $thread['id'] . '-1.html#' . $post_id);
        }
        //=========================== Перенос сообщения темы =====================//
        if ($do == 'move_post') {
            if (!$inUser->is_admin && !$is_forum_moder) {
                cmsCore::halt();
            }
            $post_id = cmsCore::request('post_id', 'int', 0);
            // Проверяем, принадлежит ли сообщение теме
            if (!$model->isBelongsToPostTopic($post_id, $thread['id'])) {
                cmsCore::halt();
            }
            cmsCore::callEvent('MOVE_FORUM_POST', array('thread' => $thread, 'post_id' => $post_id));
            if (!cmsCore::inRequest('gomove')) {
                cmsPage::initTemplate('components', 'com_forum_move_post')->assign('thread', $thread)->assign('post_id', $post_id)->assign('threads', cmsCore::getListItems('cms_forum_threads', $thread['id'], 'title', 'ASC', "forum_id = '{$thread['forum_id']}'"))->display('com_forum_move_post.tpl');
                cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean()));
            } else {
                $new_thread = $model->getThread(cmsCore::request('new_thread_id', 'int', 0));
                if (!$new_thread) {
                    cmsCore::error404();
                }
                $n_path_list = $inDB->getNsCategoryPath('cms_forums', $new_thread['NSLeft'], $new_thread['NSRight'], 'id, title, access_list, moder_list, NSLeft, NSRight');
                if ($n_path_list) {
                    foreach ($n_path_list as $n_pcat) {
                        if (!cmsCore::checkContentAccess($n_pcat['access_list'])) {
                            cmsCore::halt();
                        }
                    }
                    $is_forum_moder = $model->isForumModerator($n_pcat['moder_list']);
                }
                if (!$is_forum_moder && !$inUser->is_admin) {
                    cmsCore::error404();
                }
                $model->updatePost(array('thread_id' => $new_thread['id'], 'pubdate' => date("Y-m-d H:i:s")), $post_id);
                $model->updateThreadPostCount($thread['id']);
                $thread_post_count = $model->updateThreadPostCount($new_thread['id']);
                $total_pages = ceil($thread_post_count / $model->config['pp_thread']);
                cmsActions::updateLog('add_fpost', array('target' => $new_thread['title'], 'target_url' => '/forum/thread' . $new_thread['id'] . '.html', 'target_id' => $new_thread['id'], 'object_url' => '/forum/thread' . $new_thread['id'] . '-' . $total_pages . '.html#' . $post_id, 'pubdate' => date("Y-m-d H:i:s")), $post_id);
                $model->cacheThreadLastPost($thread['id']);
                if ($path_list) {
                    $path_list = array_reverse($path_list);
                    foreach ($path_list as $pcat) {
                        $model->cacheLastPost($pcat['NSLeft'], $pcat['NSRight']);
                    }
                }
                if ($n_path_list) {
                    $n_path_list = array_reverse($n_path_list);
                    foreach ($n_path_list as $pcat) {
                        $model->cacheLastPost($pcat['NSLeft'], $pcat['NSRight']);
                    }
                }
                cmsCore::addSessionMessage($_LANG['POST_IS_MOVE'] . '"' . $new_thread['title'] . '"', 'success');
                cmsCore::redirect('/forum/thread' . $new_thread['id'] . '-' . $total_pages . '.html#' . $post_id);
            }
        }
        //==================== Открытие/закрытие темы ============================//
        if ($do == 'close') {
            if (!$inUser->is_admin && !$is_forum_moder && !$thread['is_mythread']) {
                cmsCore::halt();
            }
            $closed = cmsCore::request('closed', 'int', 0);
            if ($closed) {
                $model->closeThread($thread['id']);
            } else {
                $model->openThread($thread['id']);
            }
            cmsCore::halt($closed);
        }
        cmsCore::halt();
    }
    //============================================================================//
    //========================== Операции с файлами ==============================//
    //============================================================================//
    if (in_array($do, array('download', 'delfile', 'reloadfile'))) {
        if (!$model->config['fa_on']) {
            cmsCore::error404();
        }
        $file = $model->getPostAttachment($id);
        if (!$file) {
            cmsCore::error404();
        }
        $post = $model->getPost($file['post_id']);
        if (!$post) {
            cmsCore::error404();
        }
        $thread = $model->getThread($post['thread_id']);
        if (!$thread) {
            cmsCore::error404();
        }
        $path_list = $inDB->getNsCategoryPath('cms_forums', $thread['NSLeft'], $thread['NSRight'], 'id, title, access_list, moder_list');
        if ($path_list) {
            foreach ($path_list as $pcat) {
                if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                    cmsCore::error404();
                }
            }
            $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
        }
        //================= Скачивание прикрепленного файла ======================//
        if ($do == 'download') {
            $location = PATH . '/upload/forum/post' . $file['post_id'] . '/' . $file['filename'];
            if (!file_exists($location)) {
                cmsCore::error404();
            }
            $inDB->query("UPDATE cms_forum_files SET hits = hits + 1 WHERE id = '{$file['id']}'");
            ob_clean();
            header('Content-Disposition: attachment; filename=' . htmlspecialchars($file['filename']));
            header('Content-Type: application/x-force-download; name="' . htmlspecialchars($file['filename']) . '"');
            header('Content-Length: ' . $file['filesize']);
            header('Accept-Ranges: bytes');
            cmsCore::halt(file_get_contents($location));
        }
        //=================== Удаление прикрепленного файла ======================//
        if ($do == 'delfile') {
            if (!cmsUser::checkCsrfToken()) {
                cmsCore::error404();
            }
            $end_min = $model->checkEditTime($post['pubdate']);
            $is_author_can_edit = (is_bool($end_min) ? $end_min : $end_min > 0) && $post['user_id'] == $inUser->id && cmsCore::checkContentAccess($model->config['group_access']);
            if (!$inUser->is_admin && !$is_forum_moder && !$is_author_can_edit) {
                cmsCore::halt();
            }
            $model->deletePostAttachment($file);
            cmsCore::halt(1);
        }
        //================== Перезакачка прикрепленного файла ====================//
        if ($do == 'reloadfile') {
            $end_min = $model->checkEditTime($post['pubdate']);
            $is_author_can_edit = (is_bool($end_min) ? $end_min : $end_min > 0) && $post['user_id'] == $inUser->id && cmsCore::checkContentAccess($model->config['group_access']);
            if (!$inUser->is_admin && !$is_forum_moder && !$is_author_can_edit) {
                cmsCore::error404();
            }
            if (!cmsCore::inRequest('goreload')) {
                cmsPage::initTemplate('components', 'com_forum_file_reload')->assign('file', $file)->assign('cfg', $model->config)->display('com_forum_file_reload.tpl');
                cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean()));
            } else {
                $success = $model->addUpdatePostAttachments($post['id'], $file);
                if ($success) {
                    $post['attached_files'] = $model->getPostAttachments($post['id']);
                    $post['is_author_can_edit'] = $is_author_can_edit;
                    cmsPage::initTemplate('components', 'com_forum_attached_files')->assign('post', $post)->assign('is_moder', $is_forum_moder)->assign('is_admin', $inUser->is_admin)->assign('cfg', $model->config)->display('com_forum_attached_files.tpl');
                    cmsCore::jsonOutput(array('error' => false, 'post_id' => $post['id'], 'html' => ob_get_clean()));
                } else {
                    cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['CHECK_SIZE_TYPE_FILE'] . $model->config['fa_max']));
                }
            }
        }
        cmsCore::halt();
    }
    //============================================================================//
    //========================= Операции с опросами ==============================//
    //============================================================================//
    if ($do == 'view_poll') {
        $thread = $model->getThread($id);
        if (!$thread) {
            cmsCore::halt();
        }
        $path_list = $inDB->getNsCategoryPath('cms_forums', $thread['NSLeft'], $thread['NSRight'], 'id, title, access_list, moder_list');
        if ($path_list) {
            foreach ($path_list as $pcat) {
                if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                    cmsCore::halt();
                }
            }
            $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
        }
        $thread_poll = $model->getThreadPoll($thread['id']);
        if (!$thread_poll) {
            cmsCore::halt();
        }
        if ($inUser->id && $thread_poll['is_user_vote'] && $thread_poll['options']['change'] && cmsCore::request('revote', 'int')) {
            $model->deleteVote($thread_poll);
            $thread_poll['is_user_vote'] = 0;
            $thread_poll['vote_count'] -= 1;
        }
        if (!$thread_poll['is_user_vote'] && !$thread_poll['options']['result']) {
            $thread_poll['show_result'] = cmsCore::request('show_result', 'int');
        }
        cmsPage::initTemplate('components', 'com_forum_thread_poll')->assign('thread', $thread)->assign('thread_poll', $thread_poll)->assign('user_id', $inUser->id)->assign('do', $thread_poll['show_result'] ? $do : 'thread')->assign('is_moder', $is_forum_moder)->assign('is_admin', $inUser->is_admin)->display('com_forum_thread_poll.tpl');
        cmsCore::halt(ob_get_clean());
    }
    if ($do == 'delete_poll') {
        if (!$inUser->id) {
            cmsCore::halt();
        }
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::halt();
        }
        $thread = $model->getThread($id);
        if (!$thread) {
            cmsCore::halt();
        }
        $path_list = $inDB->getNsCategoryPath('cms_forums', $thread['NSLeft'], $thread['NSRight'], 'id, title, access_list, moder_list');
        if ($path_list) {
            foreach ($path_list as $pcat) {
                if (!cmsCore::checkContentAccess($pcat['access_list'])) {
                    cmsCore::halt();
                }
            }
            $is_forum_moder = $model->isForumModerator($pcat['moder_list']);
        }
        $thread_poll = $model->getThreadPoll($thread['id']);
        if (!$thread_poll) {
            cmsCore::halt();
        }
        if (!$is_forum_moder && !$inUser->is_admin) {
            cmsCore::halt();
        }
        $model->deletePoll($thread_poll['id']);
        cmsCore::halt(1);
    }
    if ($do == 'vote_poll') {
        if (!$inUser->id) {
            cmsCore::halt();
        }
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::halt();
        }
        $answer = cmsCore::request('answer', 'str', '');
        $poll = $model->getPollById(cmsCore::request('poll_id', 'int'));
        if (!$answer || !$poll) {
            cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['SELECT_THE_OPTION']));
        }
        if ($model->isUserVoted($poll['id'])) {
            cmsCore::jsonOutput(array('error' => true, 'text' => ''));
        }
        $model->votePoll($poll, $answer);
        cmsCore::jsonOutput(array('error' => false, 'text' => ''));
    }
    //============================================================================//
    //========================= Последние сообщения ==============================//
    //============================================================================//
    if ($do == 'latest_posts') {
        $inActions = cmsActions::getInstance();
        $inPage->setTitle($_LANG['LATEST_POSTS_ON_FORUM']);
        $inPage->addPathway($_LANG['FORUMS'], '/forum');
        $inPage->addPathway($_LANG['LATEST_POSTS_ON_FORUM']);
        $inActions->showTargets(true);
        $action = $inActions->getAction('add_fpost');
        $inActions->onlySelectedTypes(array($action['id']));
        $total = $inActions->getCountActions();
        $inDB->limitPage($page, 15);
        $actions = $inActions->getActionsLog();
        if (!$actions && $page > 1) {
            cmsCore::error404();
        }
        cmsPage::initTemplate('components', 'com_forum_actions')->assign('actions', $actions)->assign('total', $total)->assign('do', $do)->assign('user_id', $inUser->id)->assign('pagetitle', $_LANG['LATEST_POSTS_ON_FORUM'])->assign('pagebar', cmsPage::getPagebar($total, $page, 15, '/forum/latest_posts/page-%page%'))->display('com_forum_actions.tpl');
    }
    //============================================================================//
    //============================= Последние темы ===============================//
    //============================================================================//
    if ($do == 'latest_thread') {
        $inActions = cmsActions::getInstance();
        $inPage->setTitle($_LANG['NEW_THREADS_ON_FORUM']);
        $inPage->addPathway($_LANG['FORUMS'], '/forum');
        $inPage->addPathway($_LANG['NEW_THREADS_ON_FORUM']);
        $inActions->showTargets(true);
        $action = $inActions->getAction('add_thread');
        $inActions->onlySelectedTypes(array($action['id']));
        $total = $inActions->getCountActions();
        $inDB->limitPage($page, 15);
        $actions = $inActions->getActionsLog();
        if (!$actions && $page > 1) {
            cmsCore::error404();
        }
        cmsPage::initTemplate('components', 'com_forum_actions')->assign('actions', $actions)->assign('total', $total)->assign('do', $do)->assign('user_id', $inUser->id)->assign('pagetitle', $_LANG['NEW_THREADS_ON_FORUM'])->assign('pagebar', cmsPage::getPagebar($total, $page, 15, '/forum/latest_thread/page-%page%'))->display('com_forum_actions.tpl');
    }
    //============================================================================//
    //========================== Просмотр категории ==============================//
    //============================================================================//
    if ($do == 'view_cat') {
        $cat = $model->getForumCat(cmsCore::request('seolink', 'str', ''));
        if (!$cat) {
            cmsCore::error404();
        }
        $cat = translations::process(cmsConfig::getConfig('lang'), 'forum_forum_cats', $cat);
        $inPage->setTitle($cat['pagetitle'] ? $cat['pagetitle'] : $cat['title']);
        $inPage->setDescription($cat['meta_desc'] ? $cat['meta_desc'] : $cat['title']);
        $inPage->setKeywords($cat['meta_keys'] ? $cat['meta_keys'] : $cat['title']);
        $inPage->addPathway($cat['title']);
        $model->whereForumCatIs($cat['id']);
        $sub_forums = $model->getForums();
        cmsPage::initTemplate('components', 'com_forum_list')->assign('pagetitle', $cat['title'])->assign('forums', $sub_forums)->assign('forum', array())->assign('cfg', $model->config)->assign('user_id', false)->display('com_forum_list.tpl');
        $inDB->addJoin('INNER JOIN cms_forums f ON f.id = t.forum_id');
        $inDB->where("t.is_hidden = 0");
        $model->whereForumCatIs($cat['id']);
        $inDB->orderBy('t.pubdate', 'DESC, t.hits DESC');
        $inDB->limit(15);
        $threads = $model->getThreads();
        cmsPage::initTemplate('components', 'com_forum_view')->assign('threads', $threads)->display('com_forum_view.tpl');
    }
    //============================================================================//
    //===================== Активность пользователя ==============================//
    //============================================================================//
    if ($do == 'user_activity') {
        $login = cmsCore::request('login', 'str', $inUser->login);
        $sub_do = cmsCore::request('sub_do', 'str', 'threads');
        $user = cmsUser::getShortUserData($login);
        if (!$user) {
            cmsCore::error404();
        }
        $my_profile = $inUser->login == $login;
        $pagetitle = $my_profile ? $_LANG['MY_ACTIVITY'] : $user['nickname'] . ' - ' . $_LANG['ACTIVITY_ON_FORUM'];
        $inPage->setTitle($pagetitle);
        $inPage->addPathway($pagetitle);
        $threads = array();
        $posts = array();
        if (!$my_profile && !$inUser->is_admin) {
            $model->wherePublicThreads();
        }
        $model->whereThreadUserIs($user['id']);
        $thread_count = $model->getThreadsCount();
        if ($sub_do == 'threads' && $thread_count) {
            $inDB->orderBy('t.pubdate', 'DESC, t.hits DESC');
            $inDB->limitPage($page, 15);
            $threads = $model->getThreads();
            $pagination = cmsPage::getPagebar($thread_count, $page, 15, "javascript:forum.getUserActivity('threads','/forum/{$user['login']}_activity.html','%page%');");
        }
        $inDB->resetConditions();
        // Если тем у пользователя нет, показываем вкладку сообщений
        if (!$thread_count) {
            $sub_do = 'posts';
        }
        $inDB->addSelect('t.title as thread_title');
        $inDB->addJoin('INNER JOIN cms_forum_threads t ON t.id = p.thread_id');
        $model->wherePostUserIs($user['id']);
        if (!$my_profile && !$inUser->is_admin) {
            $model->wherePublicThreads();
        }
        $post_count = $model->getPostsCount();
        // Если сообщений нет, 404
        if (!$post_count && !$my_profile) {
            cmsCore::error404();
        }
        if ($sub_do == 'posts' && $post_count) {
            $inDB->orderBy('p.thread_id', 'DESC, p.pubdate DESC');
            $inDB->limitPage($page, 10);
            $posts = $model->getPosts();
            $pagination = cmsPage::getPagebar($post_count, $page, 10, "javascript:forum.getUserActivity('posts','/forum/{$user['login']}_activity.html','%page%');");
        }
        $inDB->resetConditions();
        cmsPage::initTemplate('components', 'com_forum_user_activity')->assign('threads', $threads)->assign('posts', $posts)->assign('post_count', $post_count)->assign('thread_count', $thread_count)->assign('pagetitle', $pagetitle)->assign('sub_do', $sub_do)->assign('page', $page)->assign('user_id', $user['id'])->assign('my_profile', $my_profile)->assign('is_admin', $inUser->is_admin)->assign('is_moderator', cmsUser::isUserCan('forum/moderate'))->assign('pagination', $pagination)->assign('link', '/forum/' . $user['login'] . '_activity.html')->display('com_forum_user_activity.tpl');
    }
    ////////////////////////////////////////////////////////////////////////////////
    if ($do == 'delete_all_user_posts') {
        if (!$inUser->id) {
            cmsCore::error404();
        }
        if (!$inUser->is_admin && !cmsUser::isUserCan('forum/moderate')) {
            cmsCore::error404();
        }
        if (!cmsUser::checkCsrfToken()) {
            cmsCore::halt();
        }
        $user = cmsUser::getShortUserData(cmsCore::request('user_id', 'int', 0));
        if (!$user || $user['id'] == $inUser->id) {
            cmsCore::error404();
        }
        $model->deleteAllUserPosts($user['id']);
        cmsCore::addSessionMessage($_LANG['ALL_USERPOSTS_ISDELETED'], 'success');
        cmsCore::halt();
    }
}
示例#9
0
文件: model.php 项目: deltas1/icms1
 /**
  * Получаем комментарии по заданным параметрам
  * @return array
  */
 public function getComments($only_published = true, $is_tree = false, $from_module = false)
 {
     $inUser = cmsUser::getInstance();
     $comments = array();
     global $_LANG;
     $published = $only_published ? 'c.published = 1' : '1=1';
     $sql = "SELECT c.*,\r\n\t\t\t\t\t   IFNULL(u.nickname, 0) as nickname,\r\n\t\t\t\t\t   IFNULL(u.login, 0) as login,\r\n\t\t\t\t\t   IFNULL(u.is_deleted, 0) as is_deleted,\r\n\t\t\t\t\t   IFNULL(p.imageurl, 0) as imageurl,\r\n\t\t\t\t\t   IFNULL(p.gender, 0) as gender\r\n                FROM cms_comments c\r\n\t\t\t\tLEFT JOIN cms_users u ON u.id = c.user_id\r\n\t\t\t\tLEFT JOIN cms_user_profiles p ON p.user_id = u.id\r\n                WHERE {$published}\r\n\t\t\t\t\t{$this->inDB->where}\r\n\r\n                {$this->inDB->group_by}\r\n\r\n                {$this->inDB->order_by}\n";
     if ($this->inDB->limit) {
         $sql .= "LIMIT {$this->inDB->limit}";
     }
     $result = $this->inDB->query($sql);
     $this->inDB->resetConditions();
     if (!$this->inDB->num_rows($result)) {
         return array();
     }
     while ($comment = $this->inDB->fetch_assoc($result)) {
         $comment['level'] = 0;
         $comment['is_editable'] = $this->isEditable($comment['pubdate']);
         $comment['fpubdate'] = cmsCore::dateFormat($comment['pubdate'], true, true);
         if ($comment['guestname']) {
             $comment['author'] = $comment['guestname'];
             $comment['is_profile'] = false;
             $comment['ip'] = in_array($this->config['cmm_ip'], array(1, 2)) ? $comment['ip'] : '';
         } else {
             $comment['author']['nickname'] = $comment['nickname'];
             $comment['author']['login'] = $comment['login'];
             $comment['is_profile'] = true;
             $comment['user_image'] = cmsUser::getUserAvatarUrl($comment['user_id'], 'small', $comment['imageurl'], $comment['is_deleted']);
             $comment['ip'] = $this->config['cmm_ip'] == 2 && $comment['ip'] ? $comment['ip'] : '';
         }
         switch ($comment['gender']) {
             case 'm':
                 $comment['gender'] = $_LANG['COMMENTS_MALE'];
                 break;
             case 'f':
                 $comment['gender'] = $_LANG['COMMENTS_FEMALE'];
                 break;
             default:
                 $comment['gender'] = $_LANG['COMMENTS_GENDER'];
         }
         $comment['show'] = !$this->config['min_karma'] || $comment['rating'] >= $this->config['min_karma_show'] || cmsUser::userIsAdmin($comment['user_id']);
         $comment['is_my'] = $inUser->id == $comment['user_id'];
         if ($inUser->id) {
             $comment['is_voted'] = $comment['is_my'] ? true : cmsUser::isRateUser('comment', $inUser->id, $comment['id']);
         } else {
             $comment['is_voted'] = true;
         }
         $comments[] = $comment;
     }
     if ($is_tree) {
         $comments = $this->buildTree(0, 0, $comments);
     }
     return $from_module ? cmsCore::callEvent('GET_COMMENTS_MODULE', $comments) : cmsCore::callEvent('GET_COMMENTS', $comments);
 }
示例#10
0
function applet_userbanlist() {
    $inCore = cmsCore::getInstance();
    
    global $_LANG;
    global $adminAccess;
    
    if (!cmsUser::isAdminCan('admin/users', $adminAccess)) { cpAccessDenied(); }

    cmsCore::c('page')->setTitle($_LANG['AD_BANLIST']);
    cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users');
    cpAddPathway($_LANG['AD_BANLIST'], 'index.php?view=userbanlist');

    $do = cmsCore::request('do', 'str', 'list');
    $id = cmsCore::request('id', 'int', -1);
    $to = cmsCore::request('to', 'int', 0);
    
    // для редиректа обратно в профиль на сайт
    if ($to) {
        cmsUser::sessionPut('back_url', cmsCore::getBackURL());
    }

    if ($do == 'list') {
        $toolmenu = array(
            array( 'icon' => 'useradd.gif', 'title' => $_LANG['AD_TO_BANLIST_ADD'], 'link' => '?view=userbanlist&do=add' ),
            array( 'icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=userbanlist&do=edit&multiple=1');" ),
            array( 'icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:checkSel('?view=userbanlist&do=delete&multiple=1');" )
        );

        cpToolMenu($toolmenu);

        $fields = array(
            array( 'title' => 'id', 'field' => 'id', 'width' => '40' ),
            array( 'title' => $_LANG['AD_IS_ACTIVE'], 'field' => 'status', 'width' => '65', 'prc' => 'cpYesNo' ),
            array( 'title' => $_LANG['AD_BANLIST_USER'], 'field' => 'user_id', 'width' => '120', 'filter' => '12', 'prc' => 'cpUserNick' ),
            array( 'title' => $_LANG['AD_BANLIST_IP'], 'field' => 'ip', 'width' => '100', 'link' => '?view=userbanlist&do=edit&id=%id%', 'filter' => '12' ),
            array( 'title' => $_LANG['DATE'], 'field' => 'bandate', 'width' => '', 'fdate' => '%d/%m/%Y %H:%i:%s', 'filter' => '12' ),
            array( 'title' => $_LANG['AD_BANLIST_TIME'], 'field' => 'int_num', 'width' => '55' ),
            array( 'title' => '', 'field' => 'int_period', 'width' => '70' ),
            array( 'title' => $_LANG['AD_AUTOREMOVE'], 'field' => 'autodelete', 'width' => '100', 'prc' => 'cpYesNo' )
        );
        
        $actions = array(
            array( 'title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=userbanlist&do=edit&id=%id%' ),
            array( 'title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_RULE'], 'link' => '?view=userbanlist&do=delete&id=%id%' )
        );

        cpListTable('cms_banlist', $fields, $actions, '1=1', 'ip DESC');
    }

    if ($do == 'delete') {
        if (!cmsCore::inRequest('item')) {
            if ($id >= 0) { dbDelete('cms_banlist', $id); }
        } else {
            dbDeleteList('cms_banlist', cmsCore::request('item', 'array_int', array()));
        }
        cmsCore::redirect('?view=userbanlist');
    }

    if ($do == 'submit' || $do == 'update') {
        if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }

        $types = array(
            'user_id' => array( 'user_id', 'int', 0 ),
            'ip' => array( 'ip', 'str', '' ),
            'cause' => array( 'cause', 'str', '' ),
            'autodelete' => array( 'autodelete', 'int', 0 ),
            'int_num' => array( 'int_num', 'int', 0 ),
            'int_period' => array( 'int_period', 'str', '', create_function('$p', 'if(!in_array($p, array("MONTH","DAY","HOUR","MINUTE"))){ $p = "MINUTE"; } return $p;') )
        );

        $items = cmsCore::getArrayFromRequest($types);

        $error = false;

        if (!$items['ip']) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_NEED_IP'], 'error');
        }
        
        if ($items['ip'] == $_SERVER['REMOTE_ADDR'] ||
            $items['user_id'] == cmsCore::c('user')->id) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_ITS_YOUR_IP'], 'error');
        }

        if (cmsUser::userIsAdmin($items['user_id'])) {
            $error = true;
            cmsCore::addSessionMessage($_LANG['AD_ITS_ADMIN'], 'error');
        }

        if ($error) {
            cmsCore::redirectBack();
        }

        if ($do == 'update') {
            cmsCore::c('db')->update('cms_banlist', $items, $id);

            if (empty($_SESSION['editlist'])) {
                cmsCore::redirect('?view=userbanlist');
            } else {
                cmsCore::redirect('?view=userbanlist&do=edit');
            }
        }

        cmsCore::c('db')->insert('cms_banlist', $items);
        $back_url = cmsUser::sessionGet('back_url');
        cmsUser::sessionDel('back_url');
        cmsCore::redirect($back_url ? $back_url : '?view=userbanlist');
    }

    if ($do == 'add' || $do == 'edit') {
        cmsCore::c('page')->addHeadJS('admin/js/banlist.js');

        $toolmenu = array(
            array( 'icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();' ),
            array( 'icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);' )
        );

        cpToolMenu($toolmenu);

        if ($do == 'add') {
            echo '<h3>'. $_LANG['AD_TO_BANLIST_ADD'] .'</h3>';
            cpAddPathway($_LANG['AD_TO_BANLIST_ADD']);
        } else {
            if (cmsCore::inRequest('multiple')) {
                if (cmsCore::inRequest('item')) {
                    $_SESSION['editlist'] = cmsCore::request('item', 'array_int', array());
                } else {
                    cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error');
                    cmsCore::redirectBack();
                }
            }

            $ostatok = '';

            if (isset($_SESSION['editlist'])) {
                $item_id = array_shift($_SESSION['editlist']);
                if (count($_SESSION['editlist']) == 0) {
                   unset($_SESSION['editlist']);
                } else {
                    $ostatok = '('. $_LANG['AD_NEXT_IN'] . count($_SESSION['editlist']) .')';
                }
            } else {
                $item_id = cmsCore::request('id', 'int', 0);
            }

            $mod = cmsCore::c('db')->get_fields('cms_banlist', "id = '". $item_id ."'", '*');
            if (!$mod) { cmsCore::error404(); }

            echo '<h3>'. $_LANG['AD_EDIT_RULE'] .' '. $ostatok .'</h3>';

            cpAddPathway($_LANG['AD_EDIT_RULE']);
        }
?>
<form id="addform" name="addform" method="post" action="index.php?view=userbanlist">
    <input type="hidden" name="csrf_token" value="<?php echo cmsUser::getCsrfToken(); ?>" />
    
    <div style="width:500px;">
        <div class="alert alert-warning">
            <strong><?php echo $_LANG['ATTENTION'];?>!</strong>
            <div><?php echo $_LANG['AD_CAUTION_INFO_0'];?></div>
            <div><?php echo $_LANG['AD_CAUTION_INFO_1'];?></div>
        </div>
        
        <div class="form-group">
            <label><?php echo $_LANG['AD_BANLIST_USER'];?>:</label>
            <?php if ($do == 'add' && $to) { $mod['user_id'] = $to; $mod['ip'] = cmsCore::c('db')->get_field('cms_users', 'id='. $to, 'last_ip'); } ?>
            <select id="user_id" class="form-control" name="user_id" onchange="loadUserIp()">
                <option value="0" <?php if (!cmsCore::getArrVal($mod, 'user_id')){ echo 'selected="selected"'; } ?>><?php echo $_LANG['AD_WHITHOUT_USER']; ?></option>
                <?php
                    echo $inCore->getListItems('cms_users', cmsCore::getArrVal($mod, 'user_id', 0), 'nickname', 'ASC', 'is_deleted=0 AND is_locked=0', 'id', 'nickname');
                ?>
            </select>
        </div>

        <div class="form-group">
            <label><?php echo $_LANG['AD_BANLIST_IP'];?>:</label>
            <input type="text" id="ip" class="form-control" name="ip" value="<?php echo cmsCore::getArrVal($mod, 'ip', ''); ?>"/>
        </div>
        
        <div class="form-group">
            <label><?php echo $_LANG['AD_BANLIST_CAUSE'];?>:</label>
            <textarea class="form-control" name="cause" rows="5"><?php echo cmsCore::getArrVal($mod, 'cause', ''); ?></textarea>
        </div>
        
        <?php $forever = false; if (!cmsCore::getArrVal($mod, 'int_num')) { $forever = true; } ?>
        
        <div class="form-group">
            <label>
                <?php echo $_LANG['AD_BAN_FOREVER'];?>
                <input type="checkbox" name="forever" value="1" <?php if ($forever){ echo 'checked="checked"'; } ?> onclick="$('#bantime').toggle();" />
            </label>
        </div>
        
        <div id="bantime" class="form-group">
            <label><?php echo $_LANG['AD_BAN_FOR_TIME'];?></label>
            <input type="number" id="int_num" class="form-control" name="int_num" min="0" value="<?php echo cmsCore::getArrVal($mod, 'int_num', 0); ?>" />
            <select id="int_period" class="form-control" name="int_period">
                <option value="MINUTE"  <?php if (mb_strstr(cmsCore::getArrVal($mod, 'int_period', ''), 'MINUTE')) { echo 'selected="selected"'; } ?>><?php echo $_LANG['MINUTE10']; ?></option>]
                <option value="HOUR"  <?php if (mb_strstr(cmsCore::getArrVal($mod, 'int_period', ''), 'HOUR')) { echo 'selected="selected"'; } ?>><?php echo $_LANG['HOUR10']; ?></option>
                <option value="DAY" <?php if (mb_strstr(cmsCore::getArrVal($mod, 'int_period', ''), 'DAY')) { echo 'selected="selected"'; } ?>><?php echo $_LANG['DAY10']; ?></option>
                <option value="MONTH" <?php if (mb_strstr(cmsCore::getArrVal($mod, 'int_period', ''), 'MONTH')) { echo 'selected="selected"'; } ?>><?php echo $_LANG['MONTH10']; ?></option>
            </select>
            <div class="checkbox">
                <label><input type="checkbox" id="autodelete" name="autodelete" value="1" <?php if($mod['autodelete']) { echo 'checked="checked"'; } ?> /> <?php echo $_LANG['AD_REMOVE_BAN'];?></label>
            </div>
            <?php if ($forever) { ?><script type="text/javascript">$('#bantime').hide();</script><?php } ?>
        </div>
    </div>

    <div>
        <input type="submit" class="btn btn-primary" name="add_mod" value="<?php if ($do == 'add') { echo $_LANG['AD_TO_BANLIST_ADD']; } else { echo $_LANG['SAVE']; } ?>" />
        <input type="button" class="btn btn-default" name="back" value="<?php echo $_LANG['CANCEL']; ?>" onclick="window.history.back();"/>

        <input name="do" type="hidden" value="<?php if ($do == 'add') { echo 'submit'; } else { echo 'update'; } ?>" />
        <?php
            if ($do == 'edit') {
                echo '<input type="hidden" name="id" value="'. $mod['id'] .'" />';
            }
        ?>
    </div>
</form>
<?php
   }
}